CVSROOT: /cvsroot/phpgroupware Module name: admin Branch: Changes by: Dave Hall <[EMAIL PROTECTED]> 06/03/12 11:39:55
Modified files: inc : class.bo_custom_fields.inc.php class.ui_custom_fields.inc.php Log message: added unsaved security check CVSWeb URLs: http://cvs.savannah.gnu.org/viewcvs/phpgroupware/admin/inc/class.bo_custom_fields.inc.php.diff?tr1=1.1&tr2=1.2&r1=text&r2=text http://cvs.savannah.gnu.org/viewcvs/phpgroupware/admin/inc/class.ui_custom_fields.inc.php.diff?tr1=1.1&tr2=1.2&r1=text&r2=text Patches:
Index: admin/inc/class.bo_custom_fields.inc.php
diff -u admin/inc/class.bo_custom_fields.inc.php:1.1 admin/inc/class.bo_custom_fields.inc.php:1.2
--- admin/inc/class.bo_custom_fields.inc.php:1.1 Sun Mar 12 11:19:48 2006
+++ admin/inc/class.bo_custom_fields.inc.php Sun Mar 12 11:39:55 2006
@@ -4,7 +4,7 @@
 * @author Dave Hall dave.hall at skwashd.com
 * @copyright Copyright (C) 2006 Free Software Foundation http://www.fsf.org/
 * @license http://www.gnu.org/licenses/gpl.html GNU General Public License
-* @version $Id: class.bo_custom_fields.inc.php,v 1.1 2006/03/12 11:19:48 skwashd Exp $
+* @version $Id: class.bo_custom_fields.inc.php,v 1.2 2006/03/12 11:39:55 skwashd Exp $
 */
 class bo_custom_fields
@@ -29,6 +29,11 @@
 */
 function bo_custom_fields($appname = '')
 {
+ if ( $GLOBALS['phpgw']->acl->check('custom_fields_access',1,'admin'))
+ {
+ Header('HTTP/1.0 403 Forbidden');
+ die(lang('you do not have access to this functionality'));
+ }
 $this->custom = createObject('phpgwapi.custom_fields', $appname);
 }
Index: admin/inc/class.ui_custom_fields.inc.php
diff -u admin/inc/class.ui_custom_fields.inc.php:1.1 admin/inc/class.ui_custom_fields.inc.php:1.2
--- admin/inc/class.ui_custom_fields.inc.php:1.1 Sun Mar 12 11:19:48 2006
+++ admin/inc/class.ui_custom_fields.inc.php Sun Mar 12 11:39:55 2006
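Review bot: In bo_custom_fields() the request is refused when `acl->check('custom_fields_access',1,'admin')` returns true, which reads as deny-on-grant to anyone who does not already know how the admin ACL is stored. If, as the condition implies, admin ACL rows are restrictions, say so at the check, e.g. `// admin ACL rows are restrictions: a true result means this admin is denied custom-field access`; if they are ordinary grants, the condition is inverted and needs a `!`. The same condition appears in the ui_custom_fields() hunk of class.ui_custom_fields.inc.php. Because the guard sits in a PHP 4-style constructor, it runs only while the runtime still treats a method named after the class as the constructor, so a `__construct()` that calls it is worth adding when the class is next touched.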
@@ -4,7 +4,7 @@
 * @author Dave Hall dave.hall at skwashd.com
 * @copyright Copyright (C) 2006 Free Software Foundation http://www.fsf.org/
 * @license http://www.gnu.org/licenses/gpl.html GNU General Public License
-* @version $Id: class.ui_custom_fields.inc.php,v 1.1 2006/03/12 11:19:48 skwashd Exp $
+* @version $Id: class.ui_custom_fields.inc.php,v 1.2 2006/03/12 11:39:55 skwashd Exp $
 */
 class ui_custom_fields
 {
@@ -32,7 +32,13 @@
 */
 function ui_custom_fields()
 {
- $this->bo =& createObject('admin.bo_custom_fields', $_REQUEST['appname']);
+ if ( $GLOBALS['phpgw']->acl->check('custom_fields_access',1,'admin'))
+ {
+ $GLOBALS['phpgw']->redirect_link('/admin/index.php');
+ exit;
+ }
+
+ $this->bo =& createObject('admin.bo_custom_fields', $_REQUEST['appname']);
 $this->t =& $GLOBALS['phpgw']->xslttpl;
 }
_______________________________________________ Phpgroupware-cvs mailing list Phpgroupware-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
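Review bot: `$_REQUEST['appname']` still reaches `createObject('admin.bo_custom_fields', ...)` unvalidated on the last added line of ui_custom_fields(), so once the access check passes, any request-supplied string is forwarded to phpgwapi.custom_fields as the application name. What that class does with the value is not visible in this commit, and a request without the key also raises an undefined-index notice. Read the parameter once and reject names that are not installed applications before constructing the business object, e.g. `$appname = isset($_REQUEST['appname']) ? $_REQUEST['appname'] : '';` followed by `if ( !isset($GLOBALS['phpgw_info']['apps'][$appname]) ) { $appname = ''; }`, assuming `$GLOBALS['phpgw_info']['apps']` lists the installed applications in this tree.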