From b70c6809648bb3c78e5e26f9293727b3a7aa4025 Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Thu, 2 Jun 2016 22:27:26 -0400 Subject: Major corrections to access control and page construction. --- include/widgets.php | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'include/widgets.php') diff --git a/include/widgets.php b/include/widgets.php index 536af8818..d9dac1afa 100644 --- a/include/widgets.php +++ b/include/widgets.php @@ -857,27 +857,27 @@ function widget_chatroom_members() { function widget_wiki_list($arr) { require_once("include/wiki.php"); - if (argc() > 1) { - $nick = argv(1); - $channel = get_channel_by_nick($nick); - } else { + $channel = null; + if (argc() < 2 && local_channel()) { + // This should not occur because /wiki should redirect to /wiki/channel ... $channel = \App::get_channel(); - $nick = $channel['channel_address']; - } - $wikis = wiki_list($channel, get_observer_hash()); - if (local_channel() === intval($channel['channel_id'])) { - $showControls = true; } else { - $showControls = false; + $channel = get_channel_by_nick(argv(1)); // Channel being viewed by observer } + if (!$channel) { + return ''; + } + $wikis = wiki_list($channel, get_observer_hash()); if ($wikis) { return replace_macros(get_markup_template('wikilist.tpl'), array( '$header' => t('Wiki List'), - '$channel' => $nick, + '$channel' => $channel['channel_address'], '$wikis' => $wikis['wikis'], - '$showControls' => $showControls + // If the observer is the local channel owner, show the wiki controls + '$showControls' => ((local_channel() === intval($channel['channel_id'])) ? true : false) )); } + return ''; } function widget_wiki_pages($arr) { -- cgit v1.2.3