Adjust permission check

author Joey Schulze <joey@infodrom.org>

Sat, 6 Mar 2010 20:28:38 +0000 (21:28 +0100)

committer Joey Schulze <joey@infodrom.org>

Sat, 6 Mar 2010 20:28:38 +0000 (21:28 +0100)
author Joey Schulze <joey@infodrom.org>
Sat, 6 Mar 2010 20:28:38 +0000 (21:28 +0100)
committer Joey Schulze <joey@infodrom.org>
Sat, 6 Mar 2010 20:28:38 +0000 (21:28 +0100)
diff --git a/lib/general.php b/lib/general.php

index 7c5d5f3..c493491 100644 (file)
--- a/lib/general.php
+++ b/lib/general.php
@@ -19,7 +19,6 @@ function check_permissions($name)
                  . "JOIN sys_group_mask ON sys_mask.id = sys_group_mask.mask "
                  . "WHERE sys_group_mask.gid = %d AND fname = '%s'",
                  $_SESSION['sys']['group'], pg_escape_string($name));
                  . "JOIN sys_group_mask ON sys_mask.id = sys_group_mask.mask "
                  . "WHERE sys_group_mask.gid = %d AND fname = '%s'",
                  $_SESSION['sys']['group'], pg_escape_string($name));
-  error_log($sql);
  
    $sth = pg_query($sql);
  
  
    $sth = pg_query($sql);
  
@@ -87,7 +86,7 @@ function check_session()
    /* ajax calls */
    if (substr($_SERVER["SCRIPT_FILENAME"],-9) == '/ajax.php' &&
        !empty($_POST['source'])) {
    /* ajax calls */
    if (substr($_SERVER["SCRIPT_FILENAME"],-9) == '/ajax.php' &&
        !empty($_POST['source'])) {
-    if (check_permissions(substr($_POST['source'],5)))
+    if (check_permissions($_POST['source']))
        return true;
      else
        format_ajax(array('error' => 'No permission to access data'));
        return true;
      else
        format_ajax(array('error' => 'No permission to access data'));
author	Joey Schulze <joey@infodrom.org>
	Sat, 6 Mar 2010 20:28:38 +0000 (21:28 +0100)
committer	Joey Schulze <joey@infodrom.org>
	Sat, 6 Mar 2010 20:28:38 +0000 (21:28 +0100)