Skip to content

Commit 9744f99

Browse files
rxturrxtur
committed
Security to BlogRoll admin (3.2.1.9)
1 parent ea85268 commit 9744f99

3 files changed

Lines changed: 24 additions & 1 deletion

File tree

BlogEngine/BlogEngine.Core/Data/ViewModels/BlogRollVM.cs

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,12 +29,19 @@ public List<BlogRollItem> BlogRolls
2929
/// <param name="form">submitted form</param>
3030
public void Add(NameValueCollection form)
3131
{
32+
if (!Security.IsAdministrator)
33+
throw new UnauthorizedAccessException();
34+
3235
var br = new BlogRollItem();
3336
br.Title = form["txtTitle"];
3437
br.Description = form["txtDesc"];
3538
br.BlogUrl = new Uri(form["txtWebsite"]);
3639
br.FeedUrl = new Uri(form["txtUrl"]);
3740
br.Xfn = GetXfn(form);
41+
42+
if (string.IsNullOrEmpty(br.Xfn))
43+
br.Xfn = "contact";
44+
3845
Providers.BlogService.InsertBlogRoll(br);
3946
}
4047
/// <summary>
@@ -44,6 +51,9 @@ public void Add(NameValueCollection form)
4451
/// <param name="id">Blogroll id</param>
4552
public void Update(NameValueCollection form, string id)
4653
{
54+
if (!Security.IsAdministrator)
55+
throw new UnauthorizedAccessException();
56+
4757
Guid gId;
4858
if (Guid.TryParse(id, out gId))
4959
{
@@ -53,6 +63,10 @@ public void Update(NameValueCollection form, string id)
5363
br.BlogUrl = new Uri(form["txtWebsite"]);
5464
br.FeedUrl = new Uri(form["txtUrl"]);
5565
br.Xfn = GetXfn(form);
66+
67+
if (string.IsNullOrEmpty(br.Xfn))
68+
br.Xfn = "contact";
69+
5670
Providers.BlogService.UpdateBlogRoll(br);
5771
}
5872
else
@@ -66,6 +80,9 @@ public void Update(NameValueCollection form, string id)
6680
/// <param name="id">Blogroll ID</param>
6781
public void Delete(string id)
6882
{
83+
if (!Security.IsAdministrator)
84+
throw new UnauthorizedAccessException();
85+
6986
Guid gId;
7087
if (Guid.TryParse(id, out gId))
7188
{

BlogEngine/BlogEngine.Core/Properties/AssemblyInfo.cs

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,5 +19,5 @@
1919
[assembly: CLSCompliant(false)]
2020
[assembly: ComVisible(false)]
2121
[assembly: AllowPartiallyTrustedCallers]
22-
[assembly: AssemblyVersion("3.2.1.8")]
22+
[assembly: AssemblyVersion("3.2.1.9")]
2323
[assembly: SecurityRules(SecurityRuleSet.Level1)]

BlogEngine/BlogEngine.NET/AppCode/Api/BlogRollController.cs

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -35,13 +35,19 @@ public HttpResponseMessage Get(string id)
3535

3636
public HttpResponseMessage Post(BlogRollItem item)
3737
{
38+
if (!Security.IsAdministrator)
39+
return Request.CreateResponse(HttpStatusCode.Unauthorized, item);
40+
3841
BlogEngine.Core.Providers.BlogService.InsertBlogRoll(item);
3942
return Request.CreateResponse(HttpStatusCode.Created, item);
4043
}
4144

4245
[HttpPut]
4346
public HttpResponseMessage Update([FromBody]BlogRollItem item)
4447
{
48+
if (!Security.IsAdministrator)
49+
return Request.CreateResponse(HttpStatusCode.Unauthorized, item);
50+
4551
BlogEngine.Core.Providers.BlogService.UpdateBlogRoll(item);
4652
return Request.CreateResponse(HttpStatusCode.OK);
4753
}

0 commit comments

Comments
 (0)