From 242ca40f4668b80c51069f9371b75c8725455728 Mon Sep 17 00:00:00 2001 From: hickert Date: Thu, 11 Jan 2007 11:15:22 +0000 Subject: [PATCH] Updated startup and service to only accept posts that we are allowed to write git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.5@5534 594d385d-05f5-0310-b6e9-bd551577e9d8 --- plugins/admin/systems/class_workstationService.inc | 2 +- plugins/admin/systems/class_workstationStartup.inc | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/plugins/admin/systems/class_workstationService.inc b/plugins/admin/systems/class_workstationService.inc index 4db156af8..a97480dc9 100644 --- a/plugins/admin/systems/class_workstationService.inc +++ b/plugins/admin/systems/class_workstationService.inc @@ -341,7 +341,7 @@ class workservice extends plugin { plugin::save_object(); - if(isset($_POST['gotoXDriver'])){ + if(isset($_POST['gotoXDriver']) && chkacl($this->acl,"AutoSync") == ""){ if(isset($_POST['AutoSync'])){ $this->AutoSync = true; }else{ diff --git a/plugins/admin/systems/class_workstationStartup.inc b/plugins/admin/systems/class_workstationStartup.inc index fd9bcf952..5d020a17d 100644 --- a/plugins/admin/systems/class_workstationStartup.inc +++ b/plugins/admin/systems/class_workstationStartup.inc @@ -519,7 +519,7 @@ class workstartup extends plugin } /* Add module */ - if (isset ($_POST['add_module'])){ + if (isset ($_POST['add_module']) ){ if ($_POST['module'] != "" && chkacl ($this->acl, "gotoModule") == ""){ $this->add_list ($this->gotoModules, $_POST['module']); } @@ -533,7 +533,7 @@ class workstartup extends plugin } /* FAI class management */ - if($this->fai_activated){ + if($this->fai_activated && chkacl($this->acl,"FAIclass") == ""){ if((isset($_POST['AddClass']))&&(isset($_POST['FAIclassesSel']))){ $found = 0 ; @@ -639,7 +639,7 @@ class workstartup extends plugin /* if $_POST['gotoShareAdd'] is set, we will try to add a new entry * This entry will be, a combination of mountPoint and sharedefinitions */ - if(isset($_POST['gotoShareAdd'])){ + if(isset($_POST['gotoShareAdd']) && chkacl($this->acl,"gotoShare") ==""){ /* We assign a share to this user, if we don't know where to mount the share */ if((!isset($_POST['gotoShareMountPoint']))||(empty($_POST['gotoShareMountPoint']))||(preg_match("/[\|]/i",$_POST['gotoShareMountPoint']))){ print_red(_("You must specify a valid mount point.")); @@ -657,7 +657,7 @@ class workstartup extends plugin /* if the Post gotoShareDel is set, someone asked GOsa to delete the selected entry (if there is one selected) * If there is no defined share selected, we will abort the deletion without any message */ - if((isset($_POST['gotoShareDel']))&&(isset($_POST['gotoShare']))){ + if((isset($_POST['gotoShareDel']))&&(isset($_POST['gotoShare'])) && chkacl($this->acl,"gotoShare") ==""){ unset($this->gotoShares[$_POST['gotoShare']]); } -- 2.30.2