mirror of
https://github.com/silverstripe/silverstripe-cms
synced 2024-10-22 08:05:56 +02:00
BUGFIX Only enforcing record-level permissions in LeftAndMain if passed ID is numeric to avoid breaking AssetAdmin with string-based IDs (regression from r65152). See #3017
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/trunk@65213 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
parent
b6ae79afce
commit
bcfa95887f
@ -282,7 +282,7 @@ class LeftAndMain extends Controller {
|
||||
$this->setCurrentPageID($_REQUEST['ID']);
|
||||
SSViewer::setOption('rewriteHashlinks', false);
|
||||
|
||||
if(isset($_REQUEST['ID'])) {
|
||||
if(isset($_REQUEST['ID']) && is_numeric($_REQUEST['ID'])) {
|
||||
$record = DataObject::get_by_id($this->stat('tree_class'), $_REQUEST['ID']);
|
||||
if($record && !$record->canView()) return Security::permissionFailure($this);
|
||||
}
|
||||
@ -768,9 +768,11 @@ JS;
|
||||
$id = isset($_REQUEST['ID']) ? $_REQUEST['ID'] : $this->currentPageID();
|
||||
|
||||
if(!$id) return false;
|
||||
|
||||
$record = DataObject::get_by_id($this->stat('tree_class'), $id);
|
||||
if($record && !$record->canView()) return Security::permissionFailure($this);
|
||||
|
||||
if(is_numeric($id)) {
|
||||
$record = DataObject::get_by_id($this->stat('tree_class'), $id);
|
||||
if($record && !$record->canView()) return Security::permissionFailure($this);
|
||||
}
|
||||
|
||||
return $this->getEditForm($id);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user