From 322ac5a628b2961cbf0cfc670b96dd48051e7aa1 Mon Sep 17 00:00:00 2001
From: Matthew Grooms <mgrooms@pfsense.org>
Date: Wed, 3 Sep 2008 17:25:47 +0000
Subject: Correct a regression in the privilege system where pages were not
 being matched correctly. Reported by Seth.

---
 etc/inc/priv.inc | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

(limited to 'etc/inc/priv.inc')

diff --git a/etc/inc/priv.inc b/etc/inc/priv.inc
index dfacf55..e03e160 100644
--- a/etc/inc/priv.inc
+++ b/etc/inc/priv.inc
@@ -91,6 +91,9 @@ function sort_privs(& $privs) {
 
 function cmp_page_matches($page, & $matches, $fullwc = true) {
 
+//	$dbg_matches = implode(",", $matches);
+//	log_error("debug: checking page {$page} match with {$dbg_matches}");
+
 	if (!is_array($matches))
 		return false;
 
@@ -202,7 +205,7 @@ function isAllowedPage($page) {
 				return true;
 
 	/* user privelege access check */
-	if (cmp_page_matches($page, $allowed_pages))
+	if (cmp_page_matches($page, $_SESSION['page-match']))
 		return true;
 
 	return false;
@@ -262,12 +265,12 @@ function getAllowedPages($username) {
 			if (in_array($group['name'], $allowed_groups))
 				getPrivPages($group, $allowed_pages);
 
-	$allowed_groups = print_r($allowed_groups, true);
-	$fdny = fopen("/tmp/groups", "w");
-	fwrite($fdny, $allowed_groups);
-	fclose($fdny);
+//	$dbg_pages = implode(",", $allowed_pages);
+//	$dbg_groups = implode(",", $allowed_groups);
+//	log_error("debug: user {$username} groups = {$dbg_groups}");
+//	log_error("debug: user {$username} pages = {$dbg_pages}");
 
-	$_SESSION['privs'] = $allowed_pages;
+	$_SESSION['page-match'] = $allowed_pages;
 
 	return $allowed_pages;
 }
-- 
cgit v1.1