# HG changeset patch
# User peter
# Date 1226351234 0
# Node ID 5ac118d6556c650fc4e160140a443f3c5d1ffc13
# Parent df674d004508d44b8f7d7a36d3f128effa63e48f
[feladat @ 308] Bugfix: when not all data was entered correctly when creating a new user, an error was displayed, but the user still was created. Bugfix: A possible privilege escalation has been reported by Pim Rupert. This has also been adressed.
diff -r df674d004508 -r 5ac118d6556c add_user.php
--- a/add_user.php Fri Sep 26 10:02:33 2008 +0000
+++ b/add_user.php Mon Nov 10 21:07:14 2008 +0000
@@ -49,16 +49,18 @@
 echo " " . _('Emailaddress') . "\n";
 echo " \n";
 echo " \n";
- echo " \n";
- echo " " . _('Permission template') . "\n";
- echo " \n";
- echo " \n";
+ foreach (list_permission_templates() as $template) {
+ echo " \n";
+ }
+ echo " \n";
+ echo " \n";
+ echo " \n";
 }
- echo " \n";
- echo " \n";
- echo " \n";
 echo " \n";
 echo " " . _('Description') . "\n";
 echo " \n";
diff -r df674d004508 -r 5ac118d6556c edit_user.php
--- a/edit_user.php Fri Sep 26 10:02:33 2008 +0000
+++ b/edit_user.php Mon Nov 10 21:07:14 2008 +0000
@@ -114,16 +114,18 @@
 echo " " . _('Emailaddress') . "\n";
 echo " \n";
 echo " \n";
- echo " \n";
- echo " " . _('Permission template') . "\n";
- echo " \n";
- echo " \n";
+ foreach (list_permission_templates() as $template) {
+ ($template['id'] == $user['tpl_id']) ? $select = " SELECTED" : $select = "" ;
+ echo " \n";
+ }
+ echo " \n";
+ echo " \n";
 }
- echo " \n";
- echo " \n";
 echo " \n";
 echo " \n";
 echo " " . _('Description') . "\n";
diff -r df674d004508 -r 5ac118d6556c inc/users.inc.php
--- a/inc/users.inc.php Fri Sep 26 10:02:33 2008 +0000
+++ b/inc/users.inc.php Mon Nov 10 21:07:14 2008 +0000
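Review bot: In the edit_user.php hunk the selected-option line uses a ternary only for its assignment side effects, `($template['id'] == $user['tpl_id']) ? $select = " SELECTED" : $select = "" ;`; it reads more clearly as `$select = ($template['id'] == $user['tpl_id']) ? " SELECTED" : "";`. The option markup echoed inside the loop is not visible in this rendering, so confirm that the template name and id are passed through `htmlspecialchars()` before output. Hiding the select from users without the permission is presentation only; the enforcement that matters is the `verify_permission('user_edit_templ_perm')` check added in inc/users.inc.php. The enclosing `if` block opens outside the hunk.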
@@ -313,9 +313,11 @@ $query = "UPDATE users SET username = " . $db->quote($user, 'text') . ", fullname = " . $db->quote($fullname, 'text') . ", - email = " . $db->quote($email, 'text') . ", - perm_templ = " . $db->quote($perm_templ, 'integer') . ", - description = " . $db->quote($description, 'text') . ", + email = " . $db->quote($email, 'text') . ","; + if (verify_permission('user_edit_templ_perm')) { + $query .= "perm_templ = " . $db->quote($perm_templ, 'integer') . ","; + } + $query .= "description = " . $db->quote($description, 'text') . ", active = " . $db->quote($active, 'integer') ; if($password != "") { @@ -734,29 +736,34 @@ if (!verify_permission('user_add_new')) { error(ERR_PERM_ADD_USER); - + return false; } elseif (user_exists($details['username'])) { error(ERR_USER_EXISTS); - + return false; } elseif (!is_valid_email($details['email'])) { error(ERR_INV_EMAIL); - + return false; } elseif ($details['active'] == 1) { $active = 1; } else { $active = 0; } - $query = "INSERT INTO users (username, password, fullname, email, description, perm_templ, active) VALUES (" + $query = "INSERT INTO users (username, password, fullname, email, description,"; + if (verify_permission('user_edit_templ_perm')) { + $query .= ' perm_templ,'; + } + $query .= " active) VALUES (" . $db->quote($details['username'], 'text') . ", " . $db->quote(md5($details['password']), 'text') . ", " . $db->quote($details['fullname'], 'text') . ", " . $db->quote($details['email'], 'text') . ", " - . $db->quote($details['descr'], 'text') . ", " - . $db->quote($details['perm_templ'], 'integer') . ", " - . $db->quote($active, 'integer') + . $db->quote($details['descr'], 'text') . ", "; + if (verify_permission('user_edit_templ_perm')) { + $query .= $db->quote($details['perm_templ'], 'integer') . ", "; + } + $query .= $db->quote($active, 'integer') . ")"; - $response = $db->query($query); if (PEAR::isError($response)) { error($response->getMessage()); return false; }
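Review bot: When the caller lacks `user_edit_templ_perm`, a submitted `perm_templ` is dropped silently in the UPDATE, so a tampered request is indistinguishable from a legitimate one. The form changes in this commit appear to stop offering the field to such users, so a request that still carries `$perm_templ` while the check fails could be rejected, or at least logged, so that an attempted escalation leaves a trace. `active` is still written unconditionally in the same statement; whether this path can be reached for an account the caller should not enable or disable is not visible here and is worth confirming. The enclosing function starts and ends outside the hunk.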
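Review bot: When the caller lacks `user_edit_templ_perm`, `perm_templ` is left out of the INSERT, so the new account takes whatever default the `perm_templ` column has; that default is not visible here and should be confirmed to be a least-privilege template, or be set explicitly. `verify_permission('user_edit_templ_perm')` is also evaluated twice while building one statement; holding the result in a variable, e.g. `$may_set_templ = verify_permission('user_edit_templ_perm');`, guarantees the column list and the value list stay in step. The unchanged `md5($details['password'])` line is outside this change, but it stores an unsalted fast hash and deserves a follow-up. The enclosing function starts outside the hunk.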