diff --git a/html/getFAIscript.php b/html/getFAIscript.php
index b22451a6798c965b3ed895b88a283276245d07e7..60e53d56a69f92c422b7fe4870d8636568fa345f 100644 (file)
--- a/html/getFAIscript.php
+++ b/html/getFAIscript.php
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: no-cache");
header("Pragma: no-cache");
+ header("Content-transfer-encoding: binary\n");
header("Cache-Control: post-check=0, pre-check=0");
header("Content-type: application/octet-stream");
header("Content-Disposition: attachment; filename=".$name);
/* Logged in? Simple security check */
if (!isset($_SESSION['ui'])){
gosa_log ("Error: getFAIScript.php called without session");
- header ("Location: ../index.php");
+ header ("Location: index.php");
exit;
}
$ui= $_SESSION["ui"];
$config= $_SESSION['config'];
/* Check ACL's */
-$acl= get_permissions ($config->current['BASE'], $ui->subtreeACL);
-$acl= get_module_permission($acl, "all", $config->current['BASE']);
-if (chkacl($acl, "all") != ""){
- header ("Location: ../index.php");
+#FIXME Use more specific acl categories instead of all/all
+$ui = get_userinfo();
+$acl = $ui->get_permissions(base64_decode($_GET['id']),"all/all");
+if(!preg_match("/r/",$acl)){
+ header ("Location: index.php");
exit;
}
$dir = search_config($config->data,"environment", "KIOSKPATH");