Commit ec5d6ce62e383cef4a6fa0094755957b61e390ef
1 parent
3df32513
[security] make actions check that they are not disabled (e.g. by workflow)
before dispatch. git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@4704 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
4 additions
and
0 deletions
lib/actions/documentaction.inc.php
| @@ -129,6 +129,10 @@ class KTDocumentAction extends KTStandardDispatcher { | @@ -129,6 +129,10 @@ class KTDocumentAction extends KTStandardDispatcher { | ||
| 129 | } | 129 | } |
| 130 | } | 130 | } |
| 131 | } | 131 | } |
| 132 | + | ||
| 133 | + // catch non-enabled state. | ||
| 134 | + if ($this->_disable()) { return false; } | ||
| 135 | + | ||
| 132 | $aOptions = array( | 136 | $aOptions = array( |
| 133 | "final" => false, | 137 | "final" => false, |
| 134 | "documentaction" => "viewDocument", | 138 | "documentaction" => "viewDocument", |