From a29678d1be8c1304082a74f93d87bb02357a8258 Mon Sep 17 00:00:00 2001 From: hickert Date: Wed, 2 Jul 2008 12:02:39 +0000 Subject: [PATCH] Updated plugin handling. -We are no longer able to view plugins we are not allowed to view. git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@11509 594d385d-05f5-0310-b6e9-bd551577e9d8 --- gosa-core/html/main.php | 2 +- gosa-core/include/class_pluglist.inc | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/gosa-core/html/main.php b/gosa-core/html/main.php index 68941ebfa..2e415ce94 100644 --- a/gosa-core/html/main.php +++ b/gosa-core/html/main.php @@ -184,7 +184,7 @@ if (session::is_set('plugin_dir')){ } else { $old_plugin_dir= ""; } -if (isset($_GET['plug'])){ +if (isset($_GET['plug']) && $plist->plugin_access_allowed($_GET['plug'])){ $plug= validate($_GET['plug']); $plugin_dir= $plist->get_path($plug); session::set('plugin_dir',$plugin_dir); diff --git a/gosa-core/include/class_pluglist.inc b/gosa-core/include/class_pluglist.inc index ecc77a18c..8c47f218a 100644 --- a/gosa-core/include/class_pluglist.inc +++ b/gosa-core/include/class_pluglist.inc @@ -31,6 +31,7 @@ class pluglist { var $current= ""; var $info= array(); var $headlines = array(); + var $allowed_plugins = array(); function pluglist(&$config, &$ui) { @@ -186,6 +187,8 @@ class pluglist { if ($this->check_access($info['ACL'])){ + $this->allowed_plugins[$index] = $index; + $entries= $entries."

"; if(session::get('js')){ @@ -377,6 +380,15 @@ class pluglist { return (0); } + + /*! \brief This function checks if we are allowed to view the plugin with the given id + @param $plug_id Integer The ID of the plugin. + @return Boolean TRUE if we are allowed to view the plugin else FASLE + */ + function plugin_access_allowed($plug_id) + { + return(isset($this->allowed_plugins[$plug_id])); + } } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?> -- 2.30.2