| side by side (parent:
646cd08
)
Adjust permission check
author
Joey Schulze
<joey@infodrom.org>
Sat, 6 Mar 2010 20:28:38 +0000
(21:28 +0100)
committer
Joey Schulze
<joey@infodrom.org>
Sat, 6 Mar 2010 20:28:38 +0000
(21:28 +0100)
lib/general.php
diff --git
a/lib/general.php
b/lib/general.php
index
7c5d5f3
..
c493491
100644
(file)
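--- a/lib/general.php
+++ b/lib/general.php
@@ -19,7 +19,6 @@ function check_permissions($name)
 . "JOIN sys_group_mask ON sys_mask.id = sys_group_mask.mask "
 . "WHERE sys_group_mask.gid = %d AND fname = '%s'",
 $_SESSION['sys']['group'], pg_escape_string($name));
-error_log($sql);
 $sth = pg_query($sql);
@@ -87,7 +86,7 @@ function check_session()
 /* ajax calls */
 if (substr($_SERVER["SCRIPT_FILENAME"],-9) == '/ajax.php' &&
 !empty($_POST['source'])) {
-if (check_permissions(substr($_POST['source'],5)))
+if (check_permissions($_POST['source']))
 return true;
 else
 format_ajax(array('error' => 'No permission to access data'));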
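Review bot: In the check_session() hunk the permission key passed to `check_permissions()` is now the raw, client-supplied `$_POST['source']`, and nothing visible there checks that it is a string or ties it to the value the AJAX handler later dispatches on. `!empty()` also passes for an array value, which would reach `pg_escape_string()` with the wrong type; a guard such as `if (is_string($_POST['source']) && check_permissions($_POST['source']))` keeps the lookup well-defined. Because the old code stripped a five-character prefix, the `fname` values in `sys_mask` presumably need to hold the full source name now, and ajax.php should authorise on exactly this same string so that the check and the action cannot diverge. On the deny branch it is worth confirming that `format_ajax()` ends the request, since the rest of check_session() lies outside the hunk and would otherwise still run.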