dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Thought this code was redundant until I realized that it protects from a non superadmin from changing the context which only superadmin users are allowed to do.

This commit is contained in:
Mark Crane 2012-09-15 16:35:08 +00:00
parent 00f175321f
commit 90c4e8442c
1 changed files with 32 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
app/ring_groups/ring_groups_edit.php
View File

@ -64,6 +64,7 @@ else {
//get http post variables and set them to php variables //get http post variables and set them to php variables
if (count($_POST)>0) { if (count($_POST)>0) {
//set variables from http values
$ring_group_name = check_str($_POST["ring_group_name"]); $ring_group_name = check_str($_POST["ring_group_name"]);
$ring_group_extension = check_str($_POST["ring_group_extension"]); $ring_group_extension = check_str($_POST["ring_group_extension"]);
$ring_group_context = check_str($_POST["ring_group_context"]); $ring_group_context = check_str($_POST["ring_group_context"]);
@ -79,6 +80,17 @@ else {
$ring_group_timeout_app = array_shift($ring_group_timeout_array); $ring_group_timeout_app = array_shift($ring_group_timeout_array);
$ring_group_timeout_data = join(':', $ring_group_timeout_array); $ring_group_timeout_data = join(':', $ring_group_timeout_array);
$extension_uuid = check_str($_POST["extension_uuid"]); $extension_uuid = check_str($_POST["extension_uuid"]);
//set the context for users that are not in the superadmin group
if (!if_group("superadmin")) {
if (count($_SESSION["domains"]) > 1) {
$ring_group_context = $_SESSION['domain_name'];
}
else {
$ring_group_context = "default";
}
}
} }
if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
@ -307,7 +319,6 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
//set the context for users that are not in the superadmin group //set the context for users that are not in the superadmin group
if (strlen($ring_group_context) == 0) { if (strlen($ring_group_context) == 0) {
if (!if_group("superadmin")) {
if (count($_SESSION["domains"]) > 1) { if (count($_SESSION["domains"]) > 1) {
$ring_group_context = $_SESSION['domain_name']; $ring_group_context = $_SESSION['domain_name'];
} }
@ -315,7 +326,6 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
$ring_group_context = "default"; $ring_group_context = "default";
} }
} }
}
//show the header //show the header
require_once "includes/header.php"; require_once "includes/header.php";