SECISSUE fix #953 모듈 관리자가 허용되지 않은 페이지에 접근할 수 있는 문제 고침

bnu 2014-09-03 16:40:36 +09:00
parent 887df6bc93
commit c7052f5769
2 changed files with 15 additions and 2 deletions


@ -577,7 +577,7 @@ class ModuleHandler extends Handler
if($kind == 'admin')
{
$grant = $oModuleModel->getGrant($this->module_info, $logged_info);
if(!$grant->is_admin && !$grant->manager)
if(!$grant->manager)
{
$this->_setInputErrorToContext();
$this->error = 'msg_is_not_manager';
@ -587,6 +587,19 @@ class ModuleHandler extends Handler
$oMessageObject->dispMessage();
return $oMessageObject;
}
else
{
if(!$grant->is_admin && $this->module != $this->orig_module->module && $xml_info->permission->{$this->act} != 'manager')
{
$this->_setInputErrorToContext();
$this->error = 'msg_is_not_administrator';
$oMessageObject = ModuleHandler::getModuleInstance('message', 'view');
$oMessageObject->setError(-1);
$oMessageObject->setMessage($this->error);
$oMessageObject->dispMessage();
return $oMessageObject;
}
}
}
}
else if($xml_info->default_index_act && method_exists($oModule, $xml_info->default_index_act))
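Review bot: The new deny check in the added `else` branch fails closed only through implicit PHP behaviour: when the act has no entry in `$xml_info->permission`, the dynamic property read yields null and the loose `!=` against 'manager' happens to deny. Making the default explicit keeps it safe if the lookup is later refactored, e.g. `$act_perm = isset($xml_info->permission->{$this->act}) ? $xml_info->permission->{$this->act} : NULL;` and then `$act_perm !== 'manager'` in the condition. A one-line comment stating the rule would also help: a non-admin manager may run an admin act of another module only when that act declares manager permission. The visible lines likewise never check that `$this->orig_module` is set before `->module` is read. Separately, the first hunk now tests only `$grant->manager`, so it presumably relies on getGrant() setting manager for every is_admin grant; that is not visible here and is worth confirming, and the enclosing method starts and ends outside both hunks.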