Project

General

Profile

« Previous | Next » 

Revision 1406

Added by FrankH almost 14 years ago

  1. Security fix to stop users from changing module contents without permission, thanks to Michael Schwarz

View differences:

add.php
49 49 
$admin_groups[] = 1;
50 50 
$viewing_groups[] = 1;
51 51 

  		




  
  52
  
    
// check parent page permissions:


  		




  52
  53
  
    
if ($parent!=0) {


  		




  53
  54
  
    
	if (!$admin->get_page_permission($parent,'admin'))


  		




  54
  55
  
    
    {


  		




  ......




  60
  61
  
    
	$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);


  		




  61
  62
  
    
}	


  		




  62
  63
  
    

  		




  
  64
  
    
// check module permissions:


  		




  
  65
  
    
if (!$admin->get_permission($module, 'module'))


  		




  
  66
  
    
{


  		




  
  67
  
    
	$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);


  		




  
  68
  
    
}	


  		




  
  69
  
    

  		




  63
  70
  
    
// Validate data


  		




  64
  71
  
    
if($title == '' || substr($title,0,1)=='.')


  		




  65
  72
  
    
{


  		




  ......




  75
  82
  
    
		if (in_array($adm_group, $admin->get_groups_id()))


  		




  76
  83
  
    
        {


  		




  77
  84
  
    
			$admin_perm_ok = true;


  		




  78
  
  
    
		}


  		




  
  85
  
    
		} 


  		




  79
  86
  
    
	}


  		




  80
  87
  
    
	if ($admin_perm_ok == false)


  		




  81
  88
  
    
    {


  		












Also available in:  Unified diff