[Noalyss-commit] [noalyss] 17/29: Security For document_state and tag_gr
From: Dany De Bontridder
Subject: [Noalyss-commit] [noalyss] 17/29: Security For document_state and tag_group
Date: Wed, 4 Nov 2020 11:08:43 -0500 (EST)
sparkyx pushed a commit to branch master
in repository noalyss.
commit 9a03147cbf04d033b843d8d64939c3925eef8c2c
Author: Dany wm De Bontridder <danydb@noalyss.eu>
AuthorDate: Sun Nov 1 13:33:31 2020 +0100
Security For document_state and tag_group
---
include/ajax/ajax_document_state.php | 6 +++++-
include/ajax/ajax_tag_group.php | 9 ++++++++-
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/include/ajax/ajax_document_state.php
b/include/ajax/ajax_document_state.php
index d5cfed6..e0776af 100644
--- a/include/ajax/ajax_document_state.php
+++ b/include/ajax/ajax_document_state.php
@@ -24,7 +24,11 @@ if (!defined('ALLOWED')) die('Appel direct ne sont pas
permis');
require_once NOALYSS_INCLUDE."/class/document_state_mtable.php";
global $g_user;
-$g_user->check_action('CFGDOCST',2);
+if ( $g_user->check_module('CFGDOCST') == 0 ) {
+ record_log("forbidden : CFGDOCST ".__FILE__);
+ exit();
+}
+
/**
* @file
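Review bot: the deny branch added in ajax_document_state.php ends with a bare `exit();`, so a refused AJAX call returns an empty body without an explicit HTTP status and the client cannot tell a denial from an empty result. Consider setting a status before exiting, for example `http_response_code(403);`. Please also confirm that replacing `check_action('CFGDOCST',2)` with `check_module('CFGDOCST')` keeps the intended access level, since the removed call passed a second argument that the new one does not.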
diff --git a/include/ajax/ajax_tag_group.php b/include/ajax/ajax_tag_group.php
index dc13576..7da3aa4 100644
--- a/include/ajax/ajax_tag_group.php
+++ b/include/ajax/ajax_tag_group.php
@@ -21,6 +21,12 @@
if (!defined('ALLOWED'))
die('Appel direct ne sont pas permis');
+
+if ( $g_user->check_module('CFGTAG') == 0 ) {
+ record_log("forbidden : AJT01 ".__FILE__);
+ exit();
+}
+
require_once NOALYSS_INCLUDE."/class/tag_group_mtable.class.php";
/**
* @file
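Review bot: the added check in ajax_tag_group.php calls `$g_user->check_module('CFGTAG')` with no `global $g_user;` visible in this hunk, whereas ajax_document_state.php declares it just before its own check; if this file is included from inside a function, `$g_user` is undefined at this point. Add `global $g_user;` before the `if`. The log text also says `AJT01` while the module checked is `CFGTAG`; the other file logs the module code (`CFGDOCST`), and following the same convention here would make denied requests easier to correlate in the log.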
@@ -36,6 +42,7 @@ try {
echo $e->getMessage();
return;
}
+
$obj=new Tag_Group_SQL($cn,$p_id);
$obj_manage=new Tag_Group_MTable($obj);
$obj_manage->set_callback("ajax_misc.php");
@@ -61,4 +68,4 @@ elseif ($action=="delete")
$xml=$obj_manage->ajax_delete();
header('Content-type: text/xml; charset=UTF-8');
echo $xml->saveXML();
-}
\ No newline at end of file
+}