From ab4f981ee2ee9f2ba3766673a04a7d16e9bb1850 Mon Sep 17 00:00:00 2001 From: brettp Date: Sun, 6 Sep 2009 02:18:35 +0000 Subject: Fixed a potential security issue concerning site views. git-svn-id: https://code.elgg.org/elgg/trunk@3464 36083f99-b078-4883-b0ff-0f9b5a30f544 --- views/default/site/default.php | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'views/default') diff --git a/views/default/site/default.php b/views/default/site/default.php index 44f052d18..dcb305419 100644 --- a/views/default/site/default.php +++ b/views/default/site/default.php @@ -8,5 +8,14 @@ * @link http://elgg.org/ */ - echo elgg_view('object/default', $vars); + // sites information (including plugin settings) shouldn't be shown. + // there's not a real reason to display a site object + // unless specifically overriden with a subtype view. + if ($site = $vars['entity']->url) { + forward($site); + } else { + forward(); + } + + //echo elgg_view('object/default', $vars); ?> \ No newline at end of file -- cgit v1.2.3