Any user had open-ended access to the administration panel due to usage of wrong variable when validating access (was using $this->auth_groups instead of $this->group which contains user group access in CORE_auth::auth_update). Also added a redundant check if a user has no group access then no module access will be granted.
This commit is contained in:
parent
2e4fa74af1
commit
5c6292a4b5
@ -20,8 +20,6 @@
|
||||
|
||||
class CORE_auth
|
||||
{
|
||||
|
||||
var $auth_groups;
|
||||
var $auth_modules;
|
||||
var $auth_methods;
|
||||
var $account=false;
|
||||
@ -83,6 +81,11 @@ class CORE_auth
|
||||
$this->module = Array("0");
|
||||
} else {
|
||||
$this->group_list($this->account);
|
||||
if (!$this->group) {
|
||||
$this->group = array ('0');
|
||||
$this->module = array ('0');
|
||||
return;
|
||||
}
|
||||
$db = &DB();
|
||||
$p = AGILE_DB_PREFIX;
|
||||
$sql="SELECT DISTINCT MM.module_id, GM.method_id, GM.group_id,
|
||||
@ -91,15 +94,15 @@ class CORE_auth
|
||||
FROM {$p}group_method as GM
|
||||
LEFT JOIN {$p}module as M on (GM.module_id=M.id and M.site_id=".DEFAULT_SITE.")
|
||||
LEFT JOIN {$p}module_method as MM on (GM.method_id=MM.id and MM.site_id=".DEFAULT_SITE.") ";
|
||||
for($i=0; $i<count($this->auth_groups); $i++)
|
||||
if($i==0) $sql .= "WHERE GM.group_id={$this->auth_groups[$i]} ";
|
||||
else $sql .= "OR GM.group_id={$this->auth_groups[$i]} ";
|
||||
$sql .= "AND GM.site_id=".DEFAULT_SITE." ORDER BY M.name,MM.name";
|
||||
for($i=0; $i<count($this->group); $i++)
|
||||
if($i==0) $sql .= "WHERE (GM.group_id={$this->group[$i]} ";
|
||||
else $sql .= "OR GM.group_id={$this->group[$i]} ";
|
||||
$sql .= ") AND GM.site_id=".DEFAULT_SITE." ORDER BY M.name,MM.name";
|
||||
$result=$db->Execute($sql);
|
||||
if($result === false)
|
||||
{
|
||||
global $C_debug;
|
||||
$C_debug->error('core:auth.inc.php','menu_update', $db->ErrorMsg() . '<br><br>' .$q);
|
||||
$C_debug->error('core:auth.inc.php','auth_update', $db->ErrorMsg() . '<br><br>' .$q);
|
||||
return;
|
||||
}
|
||||
while (!$result->EOF) {
|
||||
@ -283,4 +286,4 @@ class CORE_auth
|
||||
return auth_generate_admin_menu($this);
|
||||
}
|
||||
}
|
||||
?>
|
||||
?>
|
||||
|
Reference in New Issue
Block a user