From fe9a23f542bc56c1c0b6dc30257418e38ff7bd3a Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Sat, 08 Jun 2013 18:57:40 -0400
Subject: [PATCH] - Fixed FS#2936 - Please check and limit username input length.

---
 interface/web/tools/form/interface_settings.tform.php |   27 ++++++++++++++++++++-------
 1 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/interface/web/tools/form/interface_settings.tform.php b/interface/web/tools/form/interface_settings.tform.php
index 49ed62d..c93da46 100644
--- a/interface/web/tools/form/interface_settings.tform.php
+++ b/interface/web/tools/form/interface_settings.tform.php
@@ -84,14 +84,27 @@
 //* Pick out modules
 //* TODO: limit to activated modules of the user
 $modules_list = array();
-$handle = @opendir(ISPC_WEB_PATH); 
-while ($file = @readdir ($handle)) { 
-    if ($file != '.' && $file != '..') {
-        if(@is_dir(ISPC_WEB_PATH."/$file")) {
-            if(is_file(ISPC_WEB_PATH."/$file/lib/module.conf.php") and $file != 'login' && $file != 'designer' && $file != 'mailuser') {
-				$modules_list[$file] = $file;
+if($_SESSION["s"]["user"]["typ"] == 'admin') {
+	$handle = @opendir(ISPC_WEB_PATH); 
+	while ($file = @readdir ($handle)) { 
+		if ($file != '.' && $file != '..') {
+			if(@is_dir(ISPC_WEB_PATH."/$file")) {
+				if(is_file(ISPC_WEB_PATH."/$file/lib/module.conf.php") and $file != 'login' && $file != 'designer' && $file != 'mailuser') {
+					$modules_list[$file] = $file;
+				}
 			}
-        }
+		}
+	}
+} else {
+	$tmp = $app->db->queryOneRecord("SELECT * FROM sys_user where username = '".$_SESSION["s"]["user"]['username']."'");
+	$modules = $tmp['modules'];
+	//$modules = $conf['interface_modules_enabled'];
+	if($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+		$modules .= ',client';
+	}
+	$tmp = explode(',',$modules);
+	foreach($tmp as $m) {
+		$modules_list[$m] = $m;
 	}
 }
 

--
Gitblit v1.9.1