
[Phpgroupware-cvs] CVS: phpgwapi/inc class.acl.inc.php, 1.65.4.3, 1.65.4


From: Dave Hall <address@hidden>
Subject: [Phpgroupware-cvs] CVS: phpgwapi/inc class.acl.inc.php, 1.65.4.3, 1.65.4.4
Date: Sun, 07 Sep 2003 23:20:53 -0400

Update of /cvsroot/phpgroupware/phpgwapi/inc
In directory subversions:/tmp/cvs-serv22799/phpgwapi/inc

Modified Files:
      Tag: Version-0_9_16-branch
        class.acl.inc.php 
Log Message:
plugged security hole - created by some fool!

Index: class.acl.inc.php
===================================================================
RCS file: /cvsroot/phpgroupware/phpgwapi/inc/class.acl.inc.php,v
retrieving revision 1.65.4.3
retrieving revision 1.65.4.4
diff -C2 -r1.65.4.3 -r1.65.4.4
*** class.acl.inc.php   18 May 2003 22:13:54 -0000      1.65.4.3
--- class.acl.inc.php   8 Sep 2003 03:20:50 -0000       1.65.4.4
***************
*** 244,248 ****
                        reset($this->data);
  
!                       $sql = 'delete from phpgw_acl where acl_account = 
'.$this->account_id;
                        $this->db->query($sql ,__LINE__,__FILE__);
  
--- 244,248 ----
                        reset($this->data);
  
!                       $sql = 'delete from phpgw_acl where acl_account = '. 
intval($this->account_id);
                        $this->db->query($sql ,__LINE__,__FILE__);
  
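Review bot: `intval($this->account_id)` turns any non-numeric value into 0, so the DELETE on the changed line still runs, now against account 0, instead of being refused. If 0 is never a valid account id here (not visible in this hunk), a guard before the query, along the lines of `if (intval($this->account_id) <= 0) { /* refuse and report */ }`, would make a bad id fail explicitly. The enclosing method starts and ends outside the hunk, so the right way to report the failure has to be checked against the rest of it.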
***************
*** 532,537 ****
                                $cache_accountid[$accountid] = $account_id;
                        }
!                       $sql = "select acl_appname, acl_rights from phpgw_acl 
where acl_location = '$location' and ";
!                       $sql .= 'acl_account = '.$account_id;
                        $this->db->query($sql ,__LINE__,__FILE__);
                        $rights = 0;
--- 532,538 ----
                                $cache_accountid[$accountid] = $account_id;
                        }
!                       $sql  = 'SELECT acl_appname, acl_rights from phpgw_acl 
';
!                       $sql .= "where acl_location = '" . 
$this->db->db_addslahes($location) . "' ";
!                       $sql .= 'AND acl_account = ' . intval($account_id);
                        $this->db->query($sql ,__LINE__,__FILE__);
                        $rights = 0;
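Review bot: The new `acl_location` line calls `$this->db->db_addslahes($location)`, which looks like a misspelling of `db_addslashes`. The db class is not visible here, but unless it really defines a method with that spelling, the call ends in a fatal undefined-method error and the ACL lookup never runs. The same spelling is used for `$app` in the next hunk (new lines 577-584). Suggested line: `$sql .= "where acl_location = '" . $this->db->db_addslashes($location) . "' ";`. The enclosing function starts and ends outside the hunk.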
***************
*** 576,581 ****
                                $cache_accountid[$accountid] = $account_id;
                        }
!                       $sql = "select acl_location, acl_rights from phpgw_acl 
where acl_appname = '$app' and ";
!                       $sql .= "acl_account = ".$account_id;
                        $this->db->query($sql ,__LINE__,__FILE__);
                        $rights = 0;
--- 577,584 ----
                                $cache_accountid[$accountid] = $account_id;
                        }
!                       $sql  = 'SELECT acl_location, acl_rights ';
!                       $sql .= "phpgw_acl where acl_appname = '" . 
$this->db->db_addslahes($app) . "' ";
!                       $sql .= 'AND acl_account =' . intval($account_id);
!                       
                        $this->db->query($sql ,__LINE__,__FILE__);
                        $rights = 0;
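Review bot: The rewritten statement has lost its `from` keyword. The first two new lines concatenate to `SELECT acl_location, acl_rights phpgw_acl where acl_appname = '...'`, which is not a valid query, so the per-application rights lookup would fail rather than return rows. The first line should read `$sql  = 'SELECT acl_location, acl_rights FROM ';`. The visible `$rights = 0;` suggests a failed query leaves the caller with no rights, but the rest of the function is outside the hunk, so that should be confirmed. It would also read more consistently with the previous hunk to put a space after `=` in `'AND acl_account ='`.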




