From 57188e4752b9606c54cd49f4d8f96ec0fc38f8f3 Mon Sep 17 00:00:00 2001
From: Phil Davis <phil.davis@inf.org>
Date: Mon, 2 Jan 2017 17:45:37 +0545
Subject: Add security notes for privilege assignment pages

Suggested solution for Redmine 2247
---
 tools/scripts/generate-privdefs.php | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'tools/scripts/generate-privdefs.php')

diff --git a/tools/scripts/generate-privdefs.php b/tools/scripts/generate-privdefs.php
index c8e2421..da76692 100755
--- a/tools/scripts/generate-privdefs.php
+++ b/tools/scripts/generate-privdefs.php
@@ -96,6 +96,7 @@ $pdata .= "\n";
 $pdata .= "\$priv_list['page-all'] = array();\n";
 $pdata .= "\$priv_list['page-all']['name'] = gettext(\"WebCfg - All pages\");\n";
 $pdata .= "\$priv_list['page-all']['descr'] = gettext(\"Allow access to all pages\");\n";
+$pdata .= "\$priv_list['page-all']['warn'] = \"standard-warning-root\";\n";
 $pdata .= "\$priv_list['page-all']['match'] = array();\n";
 $pdata .= "\$priv_list['page-all']['match'][] = \"*\";\n";
 $pdata .= "\n";
@@ -107,6 +108,7 @@ foreach ($data as $fname => $tags) {
 		$ident = "";
 		$name = "";
 		$descr = "";
+		$warn = "";
 		$match = array();
 
 		foreach ($vals as $vname => $vlist) {
@@ -121,6 +123,9 @@ foreach ($data as $fname => $tags) {
 				case "DESCR":
 					$descr = $vlist[0];
 					break;
+				case "WARN":
+					$warn = $vlist[0];
+					break;
 				case "MATCH":
 					$match = $vlist;
 					break;
@@ -140,6 +145,11 @@ foreach ($data as $fname => $tags) {
 		$pdata .= "\$priv_list['{$ident}'] = array();\n";
 		$pdata .= "\$priv_list['{$ident}']['name'] = gettext(\"WebCfg - {$name}\");\n";
 		$pdata .= "\$priv_list['{$ident}']['descr'] = gettext(\"{$descr}\");\n";
+
+		if (strlen($warn) > 0) {
+			$pdata .= "\$priv_list['{$ident}']['warn'] = \"{$warn}\";\n";
+		}
+
 		$pdata .= "\$priv_list['{$ident}']['match'] = array();\n";
 
 		foreach ($match as $url)
-- 
cgit v1.1