authorbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-09-06 02:18:35 +0000
committerbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-09-06 02:18:35 +0000
commitab4f981ee2ee9f2ba3766673a04a7d16e9bb1850 (patch)
tree7f74b8c1daa9b25be4c19ac3781809485fe0e6fe /views/default
parenta8fed067d74f0fce4ffd90be02eb65adf35b2ad5 (diff)
Fixed a potential security issue concerning site views.
git-svn-id: https://code.elgg.org/elgg/trunk@3464 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'views/default')
-rw-r--r--views/default/site/default.php11
1 files changed, 10 insertions, 1 deletions
diff --git a/views/default/site/default.php b/views/default/site/default.php
index 44f052d18..dcb305419 100644
--- a/views/default/site/default.php
+++ b/views/default/site/default.php
@@ -8,5 +8,14 @@
* @link http://elgg.org/
*/
- echo elgg_view('object/default', $vars);
+ // sites information (including plugin settings) shouldn't be shown.
+ // there's not a real reason to display a site object
+ // unless specifically overriden with a subtype view.
+ if ($site = $vars['entity']->url) {
+ forward($site);
+ } else {
+ forward();
+ }
+
+ //echo elgg_view('object/default', $vars);
?> \ No newline at end of file
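Review bot: The new code only keeps the site entity's data out of the response if `forward()` never returns; when this view is rendered after output has already begun (for example embedded in an entity listing), a Location header can no longer be sent, and whether `forward()` then exits or falls through depends on its implementation, which is not visible in this hunk. Today nothing leaks on a fall-through because the old `echo elgg_view('object/default', $vars);` is merely commented out, but that fail-closed behaviour is accidental: delete the commented-out line and end the file with an explicit `return;` after the `if`/`else` so a later edit cannot reintroduce the render path. The redirect target `$vars['entity']->url` is the stored site URL, which is presumably admin-configured rather than request-controlled, so this does not look like an open redirect, but it is worth confirming that no other code path can write that attribute. Minor: the comment typo `overriden` should read `overridden`.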