From ce0a5816476bd4703b85a30396123f13da5be174 Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@pfsense.org>
Date: Mon, 3 Dec 2007 23:27:31 +0000
Subject: Do a check on all ID's > -1.   When we a dup a rule with id 0 the
 checks where bypassed.

Spotted-by: billm

---
 usr/local/www/firewall_nat_edit.php   | 2 +-
 usr/local/www/firewall_rules_edit.php | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

(limited to 'usr')

diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php
index 6e111d8..a8f0031 100755
--- a/usr/local/www/firewall_nat_edit.php
+++ b/usr/local/www/firewall_nat_edit.php
@@ -61,7 +61,7 @@ if (isset($id) && $a_nat[$id]) {
 	$pconfig['interface'] = "wan";
 }
 
-if($id) {
+if($id > -1) {
 	$if = $a_nat[$id]['interface'];
 	$security_url = "firewall_nat_edit.php?if=". strtolower($if);
 	if (!isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) {
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index cd427d4..25e36a8 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -55,10 +55,11 @@ if (isset($_GET['dup'])) {
 	$after = $_GET['dup'];
 }
 
-if($id) {
+if($id > -1) {
 	$if = $a_filter[$id]['interface'];
 	$security_url = "firewall_rules_edit.php?if=". strtolower($if);
 	if (!isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) {
+		log_error("Checking for {$security_url}");
 		if(!in_array($security_url, $allowed)) {
 			// User does not have access
 	//		echo "displaying error {$security_url}"; print_r($allowed);
-- 
cgit v1.1