Index: openacs-4/packages/acs-subsite/www/permissions/perm-include.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/permissions/perm-include.tcl,v
diff -u -r1.20.2.5 -r1.20.2.6
--- openacs-4/packages/acs-subsite/www/permissions/perm-include.tcl	24 Apr 2024 14:06:50 -0000	1.20.2.5
+++ openacs-4/packages/acs-subsite/www/permissions/perm-include.tcl	24 Apr 2024 14:32:48 -0000	1.20.2.6
@@ -11,6 +11,23 @@
     {privs { read create write delete admin }}
     {detailed_permissions_p:boolean,notnull f}
     {user_add_url:localurl ""}
+} -validate {
+    valid_privs -requires {privs} {
+        #
+        # Ensure users can only specify valid privileges.
+        #
+        set n_privs [llength $privs]
+        if {$n_privs == 0} {
+            return
+        }
+        set n_valid_privs [db_string get_valid_permissions "
+            select count(*) from acs_privileges
+             where privilege in ([ns_dbquotelist $privs])"]
+        if {$n_privs != $n_valid_privs} {
+            ad_complain [_ acs-tcl.lt_name_contains_invalid \
+                             [list name privs]]
+        }
+    }
 }
 
 set user_id [ad_conn user_id]