author | marcelloc <marcellocoutinho@gmail.com> | 2012-06-12 11:08:46 -0300 |
---|---|---|
committer | marcelloc <marcellocoutinho@gmail.com> | 2012-06-12 11:08:46 -0300 |
commit | 14f5f7051edce0cdc930a4af73592b25f4abafa7 (patch) | |
tree | 69c5f17854455457186479db37d3db1ebab753a9 /etc/inc/priv.inc | |
parent | c449c5f639e5242f67c59b65d8fa094a7fd62f38 (diff) | |
download | pfsense-14f5f7051edce0cdc930a4af73592b25f4abafa7.zip pfsense-14f5f7051edce0cdc930a4af73592b25f4abafa7.tar.gz |
fix permissions check to xml package files and show only menus user has access to
Diffstat (limited to 'etc/inc/priv.inc')
-rw-r--r-- | etc/inc/priv.inc | 18 |
1 files changed, 5 insertions, 13 deletions
diff --git a/etc/inc/priv.inc b/etc/inc/priv.inc
index ec941d2..c100a23 100644
--- a/etc/inc/priv.inc
+++ b/etc/inc/priv.inc
@@ -119,15 +119,10 @@ function cmp_page_matches($page, & $matches, $fullwc = true) {
 continue;
 /* compare exact or wildcard match */
- $wcpos = strpos($match, "*");
- if ($wcpos === false)
- $result = strcmp($page, $match);
- else {
- $match = "/" . str_replace(array(".", "*"), array("\.", ".*"), $match) . "/";
- $result = !preg_match($match, $page);
- }
-
- if (!$result)
+ $match = str_replace(array(".", "*","?"), array("\.", ".*","\?"), $match);
+ $result = preg_match("@^/{$match}$@", "/{$page}");
+
+ if ($result)
 return true;
 }
@@ -222,10 +217,7 @@ function isAllowedPage($page) {
 return true;
 /* user privelege access check */
- if (cmp_page_matches($page, $_SESSION['page-match']))
- return true;
-
- return false;
+ return cmp_page_matches($page, $_SESSION['page-match']);
 }
 function getPrivPages(& $entry, & $allowed_pages) { |
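Review bot: The regex built in cmp_page_matches escapes only `.`, `*` and `?`, so any other metacharacter in a privilege match string (`|`, `+`, `(`, `[`, or the `@` delimiter itself) is still interpreted as regex syntax; with `|`, for instance, the `^` and `$` anchors would each bind to only one alternative and the entry would match more pages than its author intended. Since this function decides page access and, per the commit message, the check now covers package XML files, I would quote the whole string and then re-enable only the wildcard: `$match = str_replace('\*', '.*', preg_quote($match, '@'));`. I would also add the `D` modifier, `preg_match("@^/{$match}$@D", "/{$page}")`, because a bare `$` also matches before a trailing newline in `$page`. The loop header and the function's fall-through return lie outside the hunk, so whether `$match` is a by-value copy of the `$matches` entry (which is passed by reference) should be confirmed before relying on the in-place rewrite.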