[Phpgroupware-cvs] CVS: phpgwapi/inc class.acl.inc.php, 1.65.4.3, 1.65.4
From: |
Dave Hall <address@hidden> |
Subject: |
[Phpgroupware-cvs] CVS: phpgwapi/inc class.acl.inc.php, 1.65.4.3, 1.65.4.4 |
Date: |
Sun, 07 Sep 2003 23:20:53 -0400 |
Update of /cvsroot/phpgroupware/phpgwapi/inc
In directory subversions:/tmp/cvs-serv22799/phpgwapi/inc
Modified Files:
Tag: Version-0_9_16-branch
class.acl.inc.php
Log Message:
plugged security hole - created by some fool!
Index: class.acl.inc.php
===================================================================
RCS file: /cvsroot/phpgroupware/phpgwapi/inc/class.acl.inc.php,v
retrieving revision 1.65.4.3
retrieving revision 1.65.4.4
diff -C2 -r1.65.4.3 -r1.65.4.4
*** class.acl.inc.php 18 May 2003 22:13:54 -0000 1.65.4.3
--- class.acl.inc.php 8 Sep 2003 03:20:50 -0000 1.65.4.4
***************
*** 244,248 ****
reset($this->data);
! $sql = 'delete from phpgw_acl where acl_account =
'.$this->account_id;
$this->db->query($sql ,__LINE__,__FILE__);
--- 244,248 ----
reset($this->data);
! $sql = 'delete from phpgw_acl where acl_account = '.
intval($this->account_id);
$this->db->query($sql ,__LINE__,__FILE__);
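Review bot: `intval($this->account_id)` closes the injection on this line, but it also turns any non-numeric or empty value into 0, so the `delete` then runs against `acl_account = 0` instead of being refused. Whether 0 can ever be a real account is not visible from this hunk; if it cannot, an explicit guard before the query, for example `if (intval($this->account_id) <= 0) { return false; }` (with the return adjusted to what callers expect), makes the failure visible rather than silent. The enclosing function starts and ends outside the hunk.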
***************
*** 532,537 ****
$cache_accountid[$accountid] = $account_id;
}
! $sql = "select acl_appname, acl_rights from phpgw_acl
where acl_location = '$location' and ";
! $sql .= 'acl_account = '.$account_id;
$this->db->query($sql ,__LINE__,__FILE__);
$rights = 0;
--- 532,538 ----
$cache_accountid[$accountid] = $account_id;
}
! $sql = 'SELECT acl_appname, acl_rights from phpgw_acl
';
! $sql .= "where acl_location = '" .
$this->db->db_addslahes($location) . "' ";
! $sql .= 'AND acl_account = ' . intval($account_id);
$this->db->query($sql ,__LINE__,__FILE__);
$rights = 0;
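Review bot: The escaping call `$this->db->db_addslahes($location)` looks misspelled; the intended name is presumably `db_addslashes`. If the db class (not shown here) has no method with this exact spelling, PHP aborts with a call to an undefined method and every rights lookup through this path fails. The same spelling is used for `$app` in the third hunk. Confirm the method name against the db class and correct both calls, e.g. `$this->db->db_addslashes($location)`. The enclosing function starts and ends outside the hunk.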
***************
*** 576,581 ****
$cache_accountid[$accountid] = $account_id;
}
! $sql = "select acl_location, acl_rights from phpgw_acl
where acl_appname = '$app' and ";
! $sql .= "acl_account = ".$account_id;
$this->db->query($sql ,__LINE__,__FILE__);
$rights = 0;
--- 577,584 ----
$cache_accountid[$accountid] = $account_id;
}
! $sql = 'SELECT acl_location, acl_rights ';
! $sql .= "phpgw_acl where acl_appname = '" .
$this->db->db_addslahes($app) . "' ";
! $sql .= 'AND acl_account =' . intval($account_id);
!
$this->db->query($sql ,__LINE__,__FILE__);
$rights = 0;
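Review bot: The rebuilt query has lost its `from` keyword: the first string ends after `acl_rights ` and the next one starts with `phpgw_acl where`, so the statement sent is `SELECT acl_location, acl_rights phpgw_acl where ...` rather than the select the old line issued. That query should fail or return nothing useful, which breaks the rights calculation that follows. The second assignment should begin `$sql .= "FROM phpgw_acl where acl_appname = '"`. As a minor style point, `'AND acl_account ='` lacks the space after `=` that the second hunk uses, and the stray `!` line adds only a blank line. The enclosing function starts and ends outside the hunk.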