From ab4f981ee2ee9f2ba3766673a04a7d16e9bb1850 Mon Sep 17 00:00:00 2001
From: brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Sun, 6 Sep 2009 02:18:35 +0000
Subject: Fixed a potential security issue concerning site views.

git-svn-id: https://code.elgg.org/elgg/trunk@3464 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 views/default/site/default.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'views/default/site')

diff --git a/views/default/site/default.php b/views/default/site/default.php
index 44f052d18..dcb305419 100644
--- a/views/default/site/default.php
+++ b/views/default/site/default.php
@@ -8,5 +8,14 @@
 	 * @link http://elgg.org/
 	 */
 
-	echo elgg_view('object/default', $vars);
+	// sites information (including plugin settings) shouldn't be shown.
+	// there's not a real reason to display a site object
+	// unless specifically overriden with a subtype view.
+	if ($site = $vars['entity']->url) {
+		forward($site);
+	} else {
+		forward();
+	}
+
+	//echo elgg_view('object/default', $vars);
 ?>
\ No newline at end of file
-- 
cgit v1.2.3