# HG changeset patch
# User Dan
# Date 1232320195 18000
# Node ID 44b68ee8d2f59a8e722515479b989be76f724df8
# Parent  5ae3a82c15f1a3758b824542460d9b7f4ecf62a6
SECURITY: Enforce denied history_view on previous revisions

diff -r 5ae3a82c15f1 -r 44b68ee8d2f5 includes/pageprocess.php
--- a/includes/pageprocess.php	Sun Jan 18 18:09:08 2009 -0500
+++ b/includes/pageprocess.php	Sun Jan 18 18:09:55 2009 -0500
@@ -165,6 +165,11 @@
       $this->err_access_denied();
       return false;
     }
+    if ( $this->revision_id > 0 && !$this->perms->get_permissions('history_view') )
+    {
+      $this->err_access_denied();
+      return false;
+    }
     $pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;
     $strict_no_headers = false;
     if ( isset($paths->pages[$pathskey]) )