author | brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-09-06 02:18:35 +0000 |
---|---|---|
committer | brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-09-06 02:18:35 +0000 |
commit | ab4f981ee2ee9f2ba3766673a04a7d16e9bb1850 (patch) | |
tree | 7f74b8c1daa9b25be4c19ac3781809485fe0e6fe /views/default | |
parent | a8fed067d74f0fce4ffd90be02eb65adf35b2ad5 (diff) | |
download | elgg-ab4f981ee2ee9f2ba3766673a04a7d16e9bb1850.tar.gz elgg-ab4f981ee2ee9f2ba3766673a04a7d16e9bb1850.tar.bz2 |
Fixed a potential security issue concerning site views.
git-svn-id: https://code.elgg.org/elgg/trunk@3464 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'views/default')
-rw-r--r-- | views/default/site/default.php | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/views/default/site/default.php b/views/default/site/default.php
index 44f052d18..dcb305419 100644
--- a/views/default/site/default.php
+++ b/views/default/site/default.php
@@ -8,5 +8,14 @@
 * @link http://elgg.org/
 */
- echo elgg_view('object/default', $vars);
+ // sites information (including plugin settings) shouldn't be shown.
+ // there's not a real reason to display a site object
+ // unless specifically overriden with a subtype view.
+ if ($site = $vars['entity']->url) {
+ forward($site);
+ } else {
+ forward();
+ }
+
+ //echo elgg_view('object/default', $vars);
 ?>
\ No newline at end of file |
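Review bot: The new `if`/`else` hides the site object only by redirecting from inside the view, so the protection depends on `forward()` ending the request and on this template being the one that renders the entity. Neither `forward()` nor the other viewtypes are visible in this hunk; if another viewtype or a subtype override still reaches `object/default`, it would presumably expose the same plugin settings, so those paths are worth checking, or the data could be filtered where the entity is exported rather than in one template. The condition also dereferences `$vars['entity']` without checking that it is set and assigns inside the test; `$site = isset($vars['entity']) ? $vars['entity']->url : '';` before the `if` would make both explicit. The commented-out `//echo elgg_view('object/default', $vars);` is better deleted than kept, since un-commenting it restores the disclosure.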