From 7cf3e98090a3e9f0a9cc960d07c5f259adab6a19 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 14 Nov 2013 08:39:08 -0500
Subject: [PATCH] Merge remote-tracking branch 'origin/stable-3.0.5'

---
 interface/lib/classes/plugin_backuplist.inc.php |   10 ++++++++--
 1 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/interface/lib/classes/plugin_backuplist.inc.php b/interface/lib/classes/plugin_backuplist.inc.php
index 2e0fdc5..1f90496 100644
--- a/interface/lib/classes/plugin_backuplist.inc.php
+++ b/interface/lib/classes/plugin_backuplist.inc.php
@@ -57,7 +57,12 @@
 					
 					//* check if the user is  owner of the parent domain
 					$domain_backup = $app->db->queryOneRecord("SELECT parent_domain_id FROM web_backup WHERE backup_id = ".$backup_id);
-					if(!$app->tform->checkOwnerPermisssions($this->dataRecord["parent_domain_id"])){
+					
+                    $check_perm = 'u';
+                    if($_GET['backup_action'] == 'download') $check_perm = 'r'; // only check read permissions on download, not update permissions
+                    
+					$get_domain = $app->db->queryOneRecord("SELECT domain_id FROM web_domain WHERE domain_id = ".$app->functions->intval($domain_backup["parent_domain_id"])." AND ".$app->tform->getAuthSQL($check_perm));
+					if(empty($get_domain) || !$get_domain) {
 						$app->error($app->tform->lng('no_domain_perm'));
 					}
 					
@@ -103,7 +108,8 @@
 				}
 				
 				//* Get the data
-				$sql = "SELECT * FROM web_backup WHERE parent_domain_id = ".$this->form->id." ORDER BY tstamp DESC, backup_type ASC";
+				$web = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ".$this->form->id);
+				$sql = "SELECT * FROM web_backup WHERE parent_domain_id = ".$this->form->id." AND server_id = ".$web['server_id']." ORDER BY tstamp DESC, backup_type ASC";
                 $records = $app->db->queryAllRecords($sql);
 
                 $bgcolor = "#FFFFFF";

--
Gitblit v1.9.1