[Vtigercrm-commits] [vtiger-commits] r6687 - /vtigercrm/trunk/index.php
vtigercrm-commits at vtiger.fosslabs.com
vtigercrm-commits at vtiger.fosslabs.com
Mon May 29 09:06:40 EDT 2006
Author: don
Date: Mon May 29 07:06:36 2006
New Revision: 6687
Log:
added security check for ajax actions
Modified:
vtigercrm/trunk/index.php
Modified: vtigercrm/trunk/index.php
==============================================================================
--- vtigercrm/trunk/index.php (original)
+++ vtigercrm/trunk/index.php Mon May 29 07:06:36 2006
@@ -465,16 +465,29 @@
if(!$skipSecurityCheck)
{
+
+
require_once('include/utils/UserInfoUtil.php');
- if(isset($_REQUEST['record']) && $_REQUEST['record'] != '')
- {
- $display = isPermitted($module,$action,$_REQUEST['record']);
- }
- else
- {
- $display = isPermitted($module,$action);
- }
+
+ if(ereg('Ajax',$action))
+ {
+ $now_action=$_REQUEST['file'];
+ }
+ else
+ {
+ $now_action=$action;
+ }
+
+ if(isset($_REQUEST['record']) && $_REQUEST['record'] != '')
+ {
+ $display = isPermitted($module,$now_action,$_REQUEST['record']);
+ }
+ else
+ {
+ $display = isPermitted($module,$now_action);
+ }
$seclog->debug('########### Pemitted ---> '.$display.' ##############');
+
}
else
{
More information about the vtigercrm-commits
mailing list