Revision 1406
Added by FrankH almost 14 years ago
- Security fix to stop users from changing module contents without permission, thanks to Michael Schwarz
add.php | ||
---|---|---|
49 | 49 |
$admin_groups[] = 1; |
50 | 50 |
$viewing_groups[] = 1; |
51 | 51 |
|
52 |
// check parent page permissions: |
|
52 | 53 |
if ($parent!=0) { |
53 | 54 |
if (!$admin->get_page_permission($parent,'admin')) |
54 | 55 |
{ |
... | ... | |
60 | 61 |
$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']); |
61 | 62 |
} |
62 | 63 |
|
64 |
// check module permissions: |
|
65 |
if (!$admin->get_permission($module, 'module')) |
|
66 |
{ |
|
67 |
$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']); |
|
68 |
} |
|
69 |
|
|
63 | 70 |
// Validate data |
64 | 71 |
if($title == '' || substr($title,0,1)=='.') |
65 | 72 |
{ |
... | ... | |
75 | 82 |
if (in_array($adm_group, $admin->get_groups_id())) |
76 | 83 |
{ |
77 | 84 |
$admin_perm_ok = true; |
78 |
} |
|
85 |
}
|
|
79 | 86 |
} |
80 | 87 |
if ($admin_perm_ok == false) |
81 | 88 |
{ |
Also available in: Unified diff