When deleting the group delete the group user and group permissions. Increase the security by validating the uuid.

2015-03-05 09:37:37 +00:00 · 2015-03-05 09:37:37 +00:00 · 81b1cb581d
parent d48b306866
commit 81b1cb581d
2 changed files with 83 additions and 54 deletions
--- a/core/users/groupdelete.php
+++ b/core/users/groupdelete.php
@ -17,7 +17,7 @@
 	The Initial Developer of the Original Code is
 	Mark J Crane <markjcrane@fusionpbx.com>
-	Portions created by the Initial Developer are Copyright (C) 2008-2014
+	Portions created by the Initial Developer are Copyright (C) 2008-2015
 	the Initial Developer. All Rights Reserved.
 	Contributor(s):
@ -37,18 +37,50 @@ require_once "resources/require.php";
 	}
 //get the http value and set as a variable
-	$id = check_str($_GET["id"]);
+	$group_uuid = check_str($_GET["id"]);
-//delete the group
+//validate the uuid
-	$sql = "delete from v_groups ";
+	if (is_uuid($group_uuid)) {
-	$sql .= "where group_uuid = '$id' ";
+		//get the group from v_groups
-	if (!$db->exec($sql)) {
+			$sql = "select * from v_groups ";
-		//echo $db->errorCode() . "<br>";
+			$sql .= "where group_uuid = '".$group_uuid."' ";
-		$info = $db->errorInfo();
+			$sql .= "and (domain_uuid = '".$_SESSION['domain_uuid']."' or domain_uuid is null) ";
-		print_r($info);
+			$prep_statement = $db->prepare(check_sql($sql));
-		// $info[0] == $db->errorCode() unified error code
+			$prep_statement->execute();
-		// $info[1] is the driver specific error code
+			$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-		// $info[2] is the driver specific error string
+			foreach ($result as &$row) {
 				$group_name = $row["group_name"];
 			}
 			unset ($prep_statement);
 		//delete the group users
 			$sql = "delete from v_group_users ";
 			$sql .= "where group_uuid = '".$group_uuid."' ";
 			$sql .= "and (domain_uuid = '".$_SESSION['domain_uuid']."' or domain_uuid is null) ";
 			if (!$db->exec($sql)) {
 				$error = $db->errorInfo();
 				print_r($error);
 			}
 		//delete the group permissions
 			if (strlen($group_name) > 0) {
 				$sql = "delete from v_group_permissions ";
 				$sql .= "where group_name = '".$group_name."' ";
 				$sql .= "and (domain_uuid = '".$_SESSION['domain_uuid']."' or domain_uuid is null) ";
 				if (!$db->exec($sql)) {
 					$error = $db->errorInfo();
 					print_r($error);
 				}
 			}
 		//delete the group
 			$sql = "delete from v_groups ";
 			$sql .= "where group_uuid = '".$group_uuid."' ";
 			$sql .= "and (domain_uuid = '".$_SESSION['domain_uuid']."' or domain_uuid is null) ";
 			if (!$db->exec($sql)) {
 				$error = $db->errorInfo();
 				print_r($error);
 			}
 	}
 //redirect the user
--- a/core/users/userdelete.php
+++ b/core/users/userdelete.php
@ -17,7 +17,7 @@
 	The Initial Developer of the Original Code is
 	Mark J Crane <markjcrane@fusionpbx.com>
-	Portions created by the Initial Developer are Copyright (C) 2008-2012
+	Portions created by the Initial Developer are Copyright (C) 2008-2015
 	the Initial Developer. All Rights Reserved.
 	Contributor(s):
@ -41,50 +41,47 @@ else {
 //get the id
 	$user_uuid = check_str($_GET["id"]);
-//get the username from v_users
+//validate the uuid
-	$sql = "select * from v_users ";
+	if (is_uuid($user_uuid)) {
-	$sql .= "where domain_uuid = '$domain_uuid' ";
+		//get the username from v_users
-	$sql .= "and user_uuid = '$user_uuid' ";
+			$sql = "select * from v_users ";
-	$sql .= "and user_enabled = 'true' ";
+			$sql .= "where user_uuid = '$user_uuid' ";
-	$prep_statement = $db->prepare(check_sql($sql));
+			$sql .= "and domain_uuid = '$domain_uuid' ";
-	$prep_statement->execute();
+			$prep_statement = $db->prepare(check_sql($sql));
-	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+			$prep_statement->execute();
-	foreach ($result as &$row) {
+			$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-		$username = $row["username"];
+			foreach ($result as &$row) {
-		break; //limit to 1 row
+				$username = $row["username"];
-	}
+			}
-	unset ($prep_statement);
+			unset ($prep_statement);
-//required to be a superadmin to delete a member of the superadmin group
+		//required to be a superadmin to delete a member of the superadmin group
-	$superadmin_list = superadmin_list($db);
+			$superadmin_list = superadmin_list($db);
-	if (if_superadmin($superadmin_list, $user_uuid)) {
+			if (if_superadmin($superadmin_list, $user_uuid)) {
-		if (!if_group("superadmin")) {
+				if (!if_group("superadmin")) {
-			//access denied - do not delete the user
+					//access denied - do not delete the user
-			header("Location: index.php");
+					header("Location: index.php");
-			return;
+					return;
-		}
+				}
-	}
+			}
-//delete the user
+		//delete the groups the user is assigned to
-	$sql_delete = "delete from v_users ";
+			$sql = "delete from v_group_users ";
-	$sql_delete .= "where domain_uuid = '$domain_uuid' ";
+			$sql .= "where user_uuid = '$user_uuid' ";
-	$sql_delete .= "and user_uuid = '$user_uuid' ";
+			$sql .= "and domain_uuid = '$domain_uuid' ";
-	if (!$db->exec($sql_delete)) {
+			if (!$db->exec($sql)) {
-		//echo $db->errorCode() . "<br>";
+				$info = $db->errorInfo();
-		$info = $db->errorInfo();
+				print_r($info);
-		print_r($info);
+			}
 		// $info[0] == $db->errorCode() unified error code
 		// $info[1] is the driver specific error code
 		// $info[2] is the driver specific error string
 	}
-//delete the groups the user is assigned to
+		//delete the user
-	$sql_delete = "delete from v_group_users ";
+			$sql = "delete from v_users ";
-	$sql_delete .= "where domain_uuid = '$domain_uuid' ";
+			$sql .= "where user_uuid = '$user_uuid' ";
-	$sql_delete .= "and user_uuid = '$user_uuid' ";
+			$sql .= "and domain_uuid = '$domain_uuid' ";
-	if (!$db->exec($sql_delete)) {
+			if (!$db->exec($sql)) {
-		$info = $db->errorInfo();
+				$info = $db->errorInfo();
-		print_r($info);
+				print_r($info);
 			}
 	}
 //redirect the user