From c54512cb44bbdc2e14fac1ae11c1ab0c3343b856 Mon Sep 17 00:00:00 2001
From: steinm <steinm@577cc39b-cfd1-4aa2-8bc3-eda205cea05a>
Date: Mon, 12 Mar 2012 10:26:26 +0000
Subject: [PATCH] =?UTF-8?q?=C2=AD=20fixed=20weak=20access=20protection?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 webdav/letodms_webdav.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/webdav/letodms_webdav.php b/webdav/letodms_webdav.php
index b495fe000..43aa05678 100644
--- a/webdav/letodms_webdav.php
+++ b/webdav/letodms_webdav.php
@@ -230,6 +230,7 @@ class HTTP_WebDAV_Server_LetoDMS extends HTTP_WebDAV_Server
 		if (get_class($obj) == 'LetoDMS_Core_Folder' && !empty($options["depth"])) {
 
 			$subfolders = $obj->getSubFolders();
+			$subfolders = LetoDMS_Core_DMS::filterAccess($subfolders, $this->user, M_READ);
 			if ($subfolders) {
 				// ok, now get all its contents
 				foreach($subfolders as $subfolder) {
@@ -238,6 +239,7 @@ class HTTP_WebDAV_Server_LetoDMS extends HTTP_WebDAV_Server
 				// TODO recursion needed if "Depth: infinite"
 			}
 			$documents = $obj->getDocuments();
+			$documents = LetoDMS_Core_DMS::filterAccess($documents, $this->user, M_READ);
 			if ($documents) {
 				// ok, now get all its contents
 				foreach($documents as $document) {