Project

General

Profile

« Previous | Next » 

Revision 1406

Added by FrankH almost 14 years ago

  1. Security fix to stop users from changing module contents without permission, thanks to Michael Schwarz

View differences:

add.php
49 49
$admin_groups[] = 1;
50 50
$viewing_groups[] = 1;
51 51

  
52
// check parent page permissions:
52 53
if ($parent!=0) {
53 54
	if (!$admin->get_page_permission($parent,'admin'))
54 55
    {
......
60 61
	$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);
61 62
}	
62 63

  
64
// check module permissions:
65
if (!$admin->get_permission($module, 'module'))
66
{
67
	$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);
68
}	
69

  
63 70
// Validate data
64 71
if($title == '' || substr($title,0,1)=='.')
65 72
{
......
75 82
		if (in_array($adm_group, $admin->get_groups_id()))
76 83
        {
77 84
			$admin_perm_ok = true;
78
		}
85
		} 
79 86
	}
80 87
	if ($admin_perm_ok == false)
81 88
    {

Also available in: Unified diff