authormarcelloc <marcellocoutinho@gmail.com>2012-06-12 11:08:46 -0300
committermarcelloc <marcellocoutinho@gmail.com>2012-06-12 11:08:46 -0300
commit14f5f7051edce0cdc930a4af73592b25f4abafa7 (patch)
tree69c5f17854455457186479db37d3db1ebab753a9 /etc
parentc449c5f639e5242f67c59b65d8fa094a7fd62f38 (diff)
fix permissions check to xml package files and show only menus user has access to
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/authgui.inc2
-rw-r--r--etc/inc/priv.inc18
-rw-r--r--etc/inc/priv/user.priv.inc4
3 files changed, 10 insertions, 14 deletions
diff --git a/etc/inc/authgui.inc b/etc/inc/authgui.inc
index ae59197..1591c07 100644
--- a/etc/inc/authgui.inc
+++ b/etc/inc/authgui.inc
@@ -56,7 +56,7 @@ $allowedpages = getAllowedPages($HTTP_SERVER_VARS['AUTH_USER']);
/*
* redirect to first allowed page if requesting a wrong url
*/
-if (!isAllowedPage($_SERVER['SCRIPT_NAME'])) {
+if (!isAllowedPage($_SERVER['REQUEST_URI'])) {
if (count($allowedpages) > 0) {
$page = str_replace('*', '', $allowedpages[0]);
$_SESSION['Post_Login'] = true;
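Review bot: The new `isAllowedPage($_SERVER['REQUEST_URI'])` line makes the authorization decision on the raw request string sent by the client rather than on the script path the web server resolved. REQUEST_URI carries the query string and is not normalised (percent-encoding, repeated slashes, trailing path info), so the string being matched can differ from the script that actually runs. If the query string is needed to tell package XML pages apart, a safer approach is to keep `$_SERVER['SCRIPT_NAME']` as the base and append only the individually validated parameters the privilege patterns are meant to cover. The `if` body continues past the end of this hunk, so the redirect path was not reviewed in full.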
diff --git a/etc/inc/priv.inc b/etc/inc/priv.inc
index ec941d2..c100a23 100644
--- a/etc/inc/priv.inc
+++ b/etc/inc/priv.inc
@@ -119,15 +119,10 @@ function cmp_page_matches($page, & $matches, $fullwc = true) {
continue;
/* compare exact or wildcard match */
- $wcpos = strpos($match, "*");
- if ($wcpos === false)
- $result = strcmp($page, $match);
- else {
- $match = "/" . str_replace(array(".", "*"), array("\.", ".*"), $match) . "/";
- $result = !preg_match($match, $page);
- }
-
- if (!$result)
+ $match = str_replace(array(".", "*","?"), array("\.", ".*","\?"), $match);
+ $result = preg_match("@^/{$match}$@", "/{$page}");
+
+ if ($result)
return true;
}
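Review bot: The `str_replace` on the new `$match = ...` line escapes only `.`, `*` and `?`, so any other regex metacharacter in a privilege pattern (`+`, `(`, `[`, `|`, `$`, or the `@` delimiter) is interpreted by `preg_match` instead of being matched literally. Quoting the whole pattern first and then re-opening only the wildcard avoids this: `$match = str_replace('\*', '.*', preg_quote($match, '@'));`. Note also that `.*` matches across `/` and `?`, so once the caller passes REQUEST_URI a trailing-wildcard pattern accepts any query string; a comment such as `/* '*' matches any characters, including '/' and the query string */` would make that explicit. The enclosing loop and the handling of `$page` begin outside this hunk.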
@@ -222,10 +217,7 @@ function isAllowedPage($page) {
return true;
/* user privelege access check */
- if (cmp_page_matches($page, $_SESSION['page-match']))
- return true;
-
- return false;
+ return cmp_page_matches($page, $_SESSION['page-match']);
}
function getPrivPages(& $entry, & $allowed_pages) {
diff --git a/etc/inc/priv/user.priv.inc b/etc/inc/priv/user.priv.inc
index c2b293c..8afdd95 100644
--- a/etc/inc/priv/user.priv.inc
+++ b/etc/inc/priv/user.priv.inc
@@ -2,6 +2,10 @@
global $priv_list;
+$priv_list['help-all'] = array();
+$priv_list['help-all']['name'] = "Help - All help pages";
+$priv_list['help-all']['descr'] = "Show all items on help menu";
+
$priv_list['page-dashboard-all'] = array();
$priv_list['page-dashboard-all']['name'] = "WebCfg - Dashboard (all)";
$priv_list['page-dashboard-all']['descr'] = "Allow access to all pages required for the dashboard.";
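Review bot: The new `help-all` entry sets only `name` and `descr` and defines no page patterns in this hunk, so it appears to control menu visibility only and grants no page through `cmp_page_matches`. A short comment above it, e.g. `/* menu-only privilege: hides or shows the Help menu, does not gate any page */`, would stop later readers from treating it as an access restriction. Whether other entries carry a pattern list is not visible here, since the `page-dashboard-all` definition continues outside the hunk.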