Pflichtenheft: Zugriff auf nicht vorhandenes »visible_item« verhindern

[kivitendo-erp.git] / SL / Auth.pm

diff --git a/SL/Auth.pm b/SL/Auth.pm
index 2323a28..baa1eda 100644 (file)
--- a/SL/Auth.pm
+++ b/SL/Auth.pm
@@ -20,7 +20,7 @@ use SL::SessionFile;
 use SL::User;
 use SL::DBConnect;
 use SL::DBUpgrade2;
-use SL::DBUtils;
+use SL::DBUtils qw(do_query do_statement prepare_execute_query prepare_query selectall_array_query selectrow_query);
 
 use strict;
 
@@ -89,7 +89,7 @@ sub mini_error {
   } else {
     print STDERR "Error: @msg\n";
   }
-  ::end_of_request();
+  $::dispatcher->end_request;
 }
 
 sub _read_auth_config {
@@ -168,8 +168,8 @@ sub authenticate_root {
     return ERR_PASSWORD;
   }
 
-  $password             = SL::Auth::Password->hash(login => 'root', password => $password);
   my $admin_password    = SL::Auth::Password->hash_if_unhashed(login => 'root', password => $self->{admin_password}->());
+  $password             = SL::Auth::Password->hash(login => 'root', password => $password, stored_password => $admin_password);
 
   my $result = $password eq $admin_password ? OK : ERR_PASSWORD;
   $self->set_session_value(SESSION_KEY_ROOT_AUTH() => $result);
@@ -516,7 +516,7 @@ sub restore_session {
 
   $form   = $main::form;
 
-  # Don't fail if the auth DB doesn't yet.
+  # Don't fail if the auth DB doesn't exist yet.
   if (!( $dbh = $self->dbconnect(1) )) {
     return $self->session_restore_result(SESSION_NONE());
   }
@@ -1120,7 +1120,7 @@ sub _parse_rights_string {
       push @{$cur_ary}, $token;
 
     } else {
-      push @{$cur_ary}, $self->{RIGHTS}->{$login}->{$token} * 1;
+      push @{$cur_ary}, ($self->{RIGHTS}->{$login}->{$token} // 0) * 1;
     }
   }