From 2b9951bbfe7b2635a630e8eccb05a6134d3b8a24 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Tue, 13 Aug 2013 15:36:38 -0400
Subject: [PATCH] Improved permission checks.
---
interface/lib/classes/tform.inc.php | 66 --------------------------------
interface/lib/classes/plugin_backuplist.inc.php | 6 +++
interface/web/sites/shell_user_edit.php | 13 +++++-
interface/web/sites/ftp_user_edit.php | 5 ++
4 files changed, 23 insertions(+), 67 deletions(-)
diff --git a/interface/lib/classes/plugin_backuplist.inc.php b/interface/lib/classes/plugin_backuplist.inc.php
index ad567b2..2e0fdc5 100644
--- a/interface/lib/classes/plugin_backuplist.inc.php
+++ b/interface/lib/classes/plugin_backuplist.inc.php
@@ -55,6 +55,12 @@
if(isset($_GET['backup_action'])) {
$backup_id = $app->functions->intval($_GET['backup_id']);
+ //* check if the user is owner of the parent domain
+ $domain_backup = $app->db->queryOneRecord("SELECT parent_domain_id FROM web_backup WHERE backup_id = ".$backup_id);
+ if(!$app->tform->checkOwnerPermisssions($this->dataRecord["parent_domain_id"])){
+ $app->error($app->tform->lng('no_domain_perm'));
+ }
+
if($_GET['backup_action'] == 'download' && $backup_id > 0) {
$sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_download' AND action_param = '$backup_id'";
$tmp = $app->db->queryOneRecord($sql);
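Review bot: The ownership check added here tests `$this->dataRecord["parent_domain_id"]`, while the `$domain_backup` row fetched on the line before it for the requested `backup_id` is never read. As written, a `backup_id` taken from `$_GET` is not checked against the parent domain of that backup. The check should use the looked-up value and fail closed when no row exists, e.g. `if(!$domain_backup || !$app->tform->checkOwnerPermisssions($domain_backup['parent_domain_id'])) {`. What `checkOwnerPermisssions` expects as its argument is not visible here, so confirm it accepts a domain id; the `web_domain` lookup filtered by `getAuthSQL('r')` used in the other files of this patch would be an alternative. The enclosing method starts and ends outside the hunk.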
diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php
index 8e335ca..7cefb22 100644
--- a/interface/lib/classes/tform.inc.php
+++ b/interface/lib/classes/tform.inc.php
@@ -1260,7 +1260,7 @@
function getDataRecord($primary_id) {
global $app;
$escape = '`';
- $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
+ $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id." AND ".$this->getAuthSQL('r',$this->formDef['db_table']);
return $app->db->queryOneRecord($sql);
}
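Review bot: `$primary_id` is still concatenated into the WHERE clause unchanged on the modified line; the added `getAuthSQL` filter narrows which rows can match but does not make the value safe to embed. If the index column is always an integer (not visible here), cast it at this point with the helper already used elsewhere in this patch: `" = ".$app->functions->intval($primary_id)." AND ".$this->getAuthSQL('r',$this->formDef['db_table'])`. A short docblock should also state that the function now returns no record when the current user lacks read permission, because callers added in this patch index the result directly.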
@@ -1270,70 +1270,6 @@
$app->db->datalogSave($this->formDef['db_table'], $action, $this->formDef['db_table_idx'], $primary_id, $record_old, $record_new);
return true;
-
- /*
- // Add backticks for incomplete table names.
- if(stristr($this->formDef['db_table'],'.')) {
- $escape = '';
- } else {
- $escape = '`';
- }
-
- $this->diffrec = array();
-
- // Full diff records for ISPConfig, they have a different format then the simple diffrec
- $diffrec_full = array();
-
- if(is_array($record_old) && count($record_old) > 0) {
- foreach($record_old as $key => $val) {
- //if(isset($record_new[$key]) && $record_new[$key] != $val) {
- if(!isset($record_new[$key]) || $record_new[$key] != $val) {
- // Record has changed
- $diffrec_full['old'][$key] = $val;
- $diffrec_full['new'][$key] = $record_new[$key];
- $this->diffrec[$key] = array( 'new' => $record_new[$key],
- 'old' => $val);
- } else {
- $diffrec_full['old'][$key] = $val;
- $diffrec_full['new'][$key] = $val;
- }
- }
- } elseif(is_array($record_new)) {
- foreach($record_new as $key => $val) {
- if(isset($record_new[$key]) && $record_old[$key] != $val) {
- // Record has changed
- $diffrec_full['new'][$key] = $val;
- $diffrec_full['old'][$key] = $record_old[$key];
- $this->diffrec[$key] = array( 'old' => @$record_old[$key],
- 'new' => $val);
- } else {
- $diffrec_full['new'][$key] = $val;
- $diffrec_full['old'][$key] = $val;
- }
- }
- }
-
- //$this->diffrec = $diffrec;
- // Insert the server_id, if the record has a server_id
- $server_id = (isset($record_old["server_id"]) && $record_old["server_id"] > 0)?$record_old["server_id"]:0;
- if(isset($record_new["server_id"])) $server_id = $record_new["server_id"];
-
- if(count($this->diffrec) > 0) {
- $diffstr = addslashes(serialize($diffrec_full));
- $username = $app->db->quote($_SESSION["s"]["user"]["username"]);
- $dbidx = $this->formDef['db_table_idx'].":".$primary_id;
- // $action = ($action == 'INSERT')?'i':'u';
-
- if($action == 'INSERT') $action = 'i';
- if($action == 'UPDATE') $action = 'u';
- if($action == 'DELETE') $action = 'd';
- $sql = "INSERT INTO sys_datalog (dbtable,dbidx,server_id,action,tstamp,user,data) VALUES ('".$this->formDef['db_table']."','$dbidx','$server_id','$action','".time()."','$username','$diffstr')";
- $app->db->query($sql);
- }
-
- return true;
- */
-
}
function getAuthSQL($perm, $table = '') {
diff --git a/interface/web/sites/ftp_user_edit.php b/interface/web/sites/ftp_user_edit.php
index c952a93..59a3680 100644
--- a/interface/web/sites/ftp_user_edit.php
+++ b/interface/web/sites/ftp_user_edit.php
@@ -94,6 +94,11 @@
if(isset($this->dataRecord["parent_domain_id"])) {
$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
+ } else {
+ $tmp = $app->tform->getDataRecord($this->id);
+ $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval($tmp["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
+ if(!$parent_domain) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
+ unset($tmp);
}
// Set a few fixed values
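Review bot: The new else branch reads `$tmp["parent_domain_id"]` without checking that `getDataRecord($this->id)` returned a row, and after this patch that call is permission-filtered and can come back empty. The request presumably still ends in `no_domain_perm` because the missing id becomes 0, but that depends on how the intval helper treats a missing value. An explicit guard states the intent: `if(!$tmp || !$parent_domain) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");`, with the `web_domain` lookup skipped when `$tmp` is empty. The same block is added in shell_user_edit.php and needs the same guard. A comment such as `// no parent_domain_id submitted: check the parent domain of the stored record instead` would explain when this branch runs.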
diff --git a/interface/web/sites/shell_user_edit.php b/interface/web/sites/shell_user_edit.php
index f7ef5b7..a18dd8e 100644
--- a/interface/web/sites/shell_user_edit.php
+++ b/interface/web/sites/shell_user_edit.php
@@ -99,8 +99,17 @@
global $app, $conf;
// Get the record of the parent domain
- $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
- if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
+ //$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
+ //if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
+ if(isset($this->dataRecord["parent_domain_id"])) {
+ $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
+ if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
+ } else {
+ $tmp = $app->tform->getDataRecord($this->id);
+ $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval($tmp["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
+ if(!$parent_domain) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
+ unset($tmp);
+ }
// Set a few fixed values
$this->dataRecord["server_id"] = $parent_domain["server_id"];
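Review bot: The two replaced lines are kept as `//` comments directly above the new if/else; they duplicate the if branch and should be deleted rather than left commented out. Separately, `$this->dataRecord["server_id"] = $parent_domain["server_id"];` after the block still executes when `$parent_domain` is empty, since a failed check only appends to `errorMessage`. Whether a later step refuses to save when `errorMessage` is non-empty is outside this hunk and worth confirming. The enclosing function begins before the hunk and continues past it.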
--
Gitblit v1.9.1