added the login check and the project public access check in the graphing function

2015-02-04 08:02:12 +00:00
parent 7dc151b1c1
commit 187ef7705a
1 changed files with 16 additions and 0 deletions
--- a/codepot/src/codepot/controllers/code.php
+++ b/codepot/src/codepot/controllers/code.php
@ -637,6 +637,22 @@ class Code extends Controller

 	function graph ($type = '', $projectid = '', $path = '')
 	{
+		$this->load->model ('ProjectModel', 'projects');
+
+		$login = $this->login->getUser ();
+		if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
+		{
+			header($_SERVER['SERVER_PROTOCOL'].' 404 Not Found'); 
+			return;
+		}
+
+		$project = $this->projects->get ($projectid);
+		if ($project === FALSE || ($project->public !== 'Y' && $login['id'] == ''))
+		{
+			header($_SERVER['SERVER_PROTOCOL'].' 404 Not Found'); 
+			return;
+		}
+
 		$this->load->model ('SubversionModel', 'subversion');

 		$path = $this->converter->HexToAscii ($path);