[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-cvs] admin/inc class.bo_custom_fields.inc.php class....
From: |
Dave Hall |
Subject: |
[Phpgroupware-cvs] admin/inc class.bo_custom_fields.inc.php class.... |
Date: |
Sun, 12 Mar 2006 11:39:55 +0000 |
CVSROOT: /cvsroot/phpgroupware
Module name: admin
Branch:
Changes by: Dave Hall <address@hidden> 06/03/12 11:39:55
Modified files:
inc : class.bo_custom_fields.inc.php
class.ui_custom_fields.inc.php
Log message:
added unsaved security check
CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/phpgroupware/admin/inc/class.bo_custom_fields.inc.php.diff?tr1=1.1&tr2=1.2&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/phpgroupware/admin/inc/class.ui_custom_fields.inc.php.diff?tr1=1.1&tr2=1.2&r1=text&r2=text
Patches:
Index: admin/inc/class.bo_custom_fields.inc.php
diff -u admin/inc/class.bo_custom_fields.inc.php:1.1
admin/inc/class.bo_custom_fields.inc.php:1.2
--- admin/inc/class.bo_custom_fields.inc.php:1.1 Sun Mar 12 11:19:48 2006
+++ admin/inc/class.bo_custom_fields.inc.php Sun Mar 12 11:39:55 2006
@@ -4,7 +4,7 @@
* @author Dave Hall dave.hall at skwashd.com
* @copyright Copyright (C) 2006 Free Software Foundation http://www.fsf.org/
* @license http://www.gnu.org/licenses/gpl.html GNU General Public License
-* @version $Id: class.bo_custom_fields.inc.php,v 1.1 2006/03/12 11:19:48
skwashd Exp $
+* @version $Id: class.bo_custom_fields.inc.php,v 1.2 2006/03/12 11:39:55
skwashd Exp $
*/
class bo_custom_fields
@@ -29,6 +29,11 @@
*/
function bo_custom_fields($appname = '')
{
+ if (
$GLOBALS['phpgw']->acl->check('custom_fields_access',1,'admin'))
+ {
+ Header('HTTP/1.0 403 Forbidden');
+ die(lang('you do not have access to this
functionality'));
+ }
$this->custom = createObject('phpgwapi.custom_fields',
$appname);
}
Index: admin/inc/class.ui_custom_fields.inc.php
diff -u admin/inc/class.ui_custom_fields.inc.php:1.1
admin/inc/class.ui_custom_fields.inc.php:1.2
--- admin/inc/class.ui_custom_fields.inc.php:1.1 Sun Mar 12 11:19:48 2006
+++ admin/inc/class.ui_custom_fields.inc.php Sun Mar 12 11:39:55 2006
@@ -4,7 +4,7 @@
* @author Dave Hall dave.hall at skwashd.com
* @copyright Copyright (C) 2006 Free Software Foundation http://www.fsf.org/
* @license http://www.gnu.org/licenses/gpl.html GNU General Public License
-* @version $Id: class.ui_custom_fields.inc.php,v 1.1 2006/03/12 11:19:48
skwashd Exp $
+* @version $Id: class.ui_custom_fields.inc.php,v 1.2 2006/03/12 11:39:55
skwashd Exp $
*/
class ui_custom_fields
{
@@ -32,7 +32,13 @@
*/
function ui_custom_fields()
{
- $this->bo =& createObject('admin.bo_custom_fields',
$_REQUEST['appname']);
+ if (
$GLOBALS['phpgw']->acl->check('custom_fields_access',1,'admin'))
+ {
+
$GLOBALS['phpgw']->redirect_link('/admin/index.php');
+ exit;
+ }
+
+ $this->bo =& createObject('admin.bo_custom_fields',
$_REQUEST['appname']);
$this->t =& $GLOBALS['phpgw']->xslttpl;
}
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Phpgroupware-cvs] admin/inc class.bo_custom_fields.inc.php class....,
Dave Hall <=