Context Navigation

← Previous Changeset
Next Changeset →

Changeset 1684

Timestamp:

11/20/09 08:28:07 (14 years ago)

Author:

niltonneto

Message:

Ticket #773 - Correção de problema crítico no acesso indevido aos links do Admin.

Location:

trunk

Files:

: 11 edited

admin/inc/hook_admin.inc.php (modified) (1 diff)
admin/inc/hook_sidebox_menu.inc.php (modified) (1 diff)
calendar/inc/class.uicustom_fields.inc.php (modified) (1 diff)
calendar/inc/class.uigroup_access.inc.php (modified) (1 diff)
calendar/inc/class.uiholiday.inc.php (modified) (1 diff)
expressoAdmin1_2/inc/class.uimanagers.inc.php (modified) (4 diffs)
expressoAdmin1_2/inc/class.uisectors.inc.php (modified) (1 diff)
jabberit_messenger/inc/class.uiconforganization.inc.php (modified) (1 diff)
jabberit_messenger/inc/class.uigroupslocked.inc.php (modified) (1 diff)
jabberit_messenger/inc/class.uihostsjabber.inc.php (modified) (1 diff)
jabberit_messenger/inc/class.uimodule.inc.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/admin/inc/hook_admin.inc.php

-                      r1174
+                      r1684
                 $file['Peer Servers']               = $GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiserver.list_servers');
+        }
+*/
+        /*if (! $GLOBALS['phpgw']->acl->check('account_access',1,'admin'))
+        {
+                $file['User Accounts']              = $GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.list_users');
+        }
+        if (! $GLOBALS['phpgw']->acl->check('group_access',1,'admin'))
+        {
+                $file['User Groups']                = $GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.list_groups');
+        }*/
+*/
         if (! $GLOBALS['phpgw']->acl->check('applications_access',1,'admin'))
+        {

trunk/admin/inc/hook_sidebox_menu.inc.php

-                      r89
+                      r1684
                         $file['Site Configuration']         = $GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiconfig.index&appname=admin');
+                }
 /*
+/*
                 if (! $GLOBALS['phpgw']->acl->check('peer_server_access',1,'admin'))
+                {
                         $file['Peer Servers']               = $GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiserver.list_servers');
+                }
-                if (! $GLOBALS['phpgw']->acl->check('account_access',1,'admin'))
+                {
-                        $file['User Accounts']              = $GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.list_users');
+                }
-                if (! $GLOBALS['phpgw']->acl->check('group_access',1,'admin'))
+                {
-                        $file['User Groups']                = $GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.list_groups');
+                }
 */

trunk/calendar/inc/class.uicustom_fields.inc.php

-                      r2
+                      r1684
                 function index($error='')
+                {
+                        if (!$GLOBALS['phpgw']->acl->check('run',1,'admin'))
+                        {
+                              $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/admin/index.php'));
+                        }
                         unset($GLOBALS['phpgw_info']['flags']['noheader']);
                         unset($GLOBALS['phpgw_info']['flags']['nonavbar']);

trunk/calendar/inc/class.uigroup_access.inc.php

-                      r1644
+                      r1684
         function index(){
+                if (!$GLOBALS['phpgw']->acl->check('run',1,'admin'))
+                {
+                      $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/admin/index.php'));
+                }
                 $GLOBALS['phpgw_info']['flags'] = array(
                                         'currentapp' => 'calendar',

trunk/calendar/inc/class.uiholiday.inc.php

-                      r204
+                      r1684
                 function admin()
+                {
+                        if (!$GLOBALS['phpgw']->acl->check('run',1,'admin'))
+                        {
+                              $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/admin/index.php'));
+                        }
                         unset($GLOBALS['phpgw_info']['flags']['noheader']);
                         unset($GLOBALS['phpgw_info']['flags']['nonavbar']);

trunk/expressoAdmin1_2/inc/class.uimanagers.inc.php

r458	r1684
53	53	{
54	54	// Caso nao seja admin, sai.
55		if (~~$GLOBALS['phpgw']->acl->check('group_access~~',1,'admin'))
	55	if (!$GLOBALS['phpgw']->acl->check('run',1,'admin'))
56	56	{
57	57	$GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/admin/index.php'));
…	…
129	129	{
130	130	// Caso nao seja admin, sai.
131		if (~~$GLOBALS['phpgw']->acl->check('group_access~~',1,'admin'))
	131	if (!$GLOBALS['phpgw']->acl->check('run',1,'admin'))
132	132	{
133	133	$GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/admin/index.php'));
…	…
207	207	function delete_managers()
208	208	{
	209	if (!$GLOBALS['phpgw']->acl->check('run',1,'admin'))
	210	{
	211	$GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/admin/index.php'));
	212	}
209	213	// Criar uma verificação e jogar a query para o BO.
210	214	$context = $_GET['context'];
…	…
232	236	{
233	237	// Caso nao seja admin, sai.
234		if (~~$GLOBALS['phpgw']->acl->check('group_access~~',1,'admin'))
	238	if (!$GLOBALS['phpgw']->acl->check('run',1,'admin'))
235	239	{
236	240	$GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/admin/index.php'));

trunk/expressoAdmin1_2/inc/class.uisectors.inc.php

-                      r1516
+                      r1684
                         );
                         $p->set_var($var);
+                        if (! $GLOBALS['phpgw']->acl->check('group_access',4,'admin'))
+                        {
+                                $p->set_var('input_add','<input type="submit" value="' . lang('Add Sectors') . '">');
+                        }
+                        $p->set_var('input_add','<input type="submit" value="' . lang('Add Sectors') . '">');
                         $p->parse('rows','row_empty',True);

trunk/jabberit_messenger/inc/class.uiconforganization.inc.php

r863	r1684
90	90	public final function backPage()
91	91	{
92		if(~~$GLOBALS['phpgw']->acl->check('applications_access',1,'admin')~~)
	92	if( !$GLOBALS['phpgw']->acl->check('run',1,'admin') )
93	93	{
94		$GLOBALS['phpgw']->redirect_link('/index.php');
	94	$GLOBALS['phpgw']->redirect_link('/admin/index.php');
95	95	}
96	96

trunk/jabberit_messenger/inc/class.uigroupslocked.inc.php

r1438	r1684
112	112	public final function add()
113	113	{
114		if(~~$GLOBALS['phpgw']->acl->check('applications_access',1,'admin')~~)
	114	if( !$GLOBALS['phpgw']->acl->check('run',1,'admin') )
115	115	{
116		$GLOBALS['phpgw']->redirect_link('/index.php');
	116	$GLOBALS['phpgw']->redirect_link('/admin/index.php');
117	117	}
118	118

trunk/jabberit_messenger/inc/class.uihostsjabber.inc.php

r946	r1684
97	97	public final function backPage()
98	98	{
99		if(~~$GLOBALS['phpgw']->acl->check('applications_access',1,'admin')~~)
	99	if( !$GLOBALS['phpgw']->acl->check('run',1,'admin') )
100	100	{
101		$GLOBALS['phpgw']->redirect_link('/index.php');
	101	$GLOBALS['phpgw']->redirect_link('/admin/index.php');
102	102	}
103	103

trunk/jabberit_messenger/inc/class.uimodule.inc.php

r423	r1684
89	89	public final function add()
90	90	{
91		if(~~$GLOBALS['phpgw']->acl->check('applications_access',1,'admin')~~)
	91	if( !$GLOBALS['phpgw']->acl->check('run',1,'admin') )
92	92	{
93		$GLOBALS['phpgw']->redirect_link('/index.php');
	93	$GLOBALS['phpgw']->redirect_link('/admin/index.php');
94	94	}
95	95

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 1684

Legend:

Download in other formats: