Improved access checks for swap_roles.php.
authorNik Okuntseff <support@anuko.com>
Mon, 26 Mar 2018 19:18:51 +0000 (19:18 +0000)
committerNik Okuntseff <support@anuko.com>
Mon, 26 Mar 2018 19:18:51 +0000 (19:18 +0000)
WEB-INF/lib/ttTeamHelper.class.php
WEB-INF/templates/footer.tpl
swap_roles.php

index 5aeee21..fb74d8e 100644 (file)
@@ -108,6 +108,7 @@ class ttTeamHelper {
     global $user;
     $mdb2 = getConnection();
 
+    // Obtain role id for the user we are swapping ourselves with.
     $sql = "select u.id, u.role_id from tt_users u left join tt_roles r on (u.role_id = r.id) where u.id = $user_id and u.team_id = $user->team_id and u.status = 1 and r.rank < $user->rank";
     $res = $mdb2->query($sql);
     if (is_a($res, 'PEAR_Error'))
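Review bot: `$user_id` is interpolated straight into the SQL string on the line under the new comment, together with `$user->team_id` and `$user->rank`, and the only thing that makes it safe is the `(int)` cast the caller in swap_roles.php now applies, which this helper cannot rely on for other callers. Cast or quote inside the helper so the query is safe regardless of caller: `$user_id = (int)$user_id;` before building `$sql`, or `$mdb2->quote($user_id, 'integer')` in the string. The new comment also understates what the query does, since the where clause restricts the result to an active teammate of lower rank; `// Obtain role id for the user we are swapping with; the query doubles as the access check (same team, active, lower rank).` would tell the next reader why those conditions matter. The enclosing method (presumably swapRolesWith) starts and ends outside the hunk.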
index 9defcca..6646f12 100644 (file)
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.17.74.4180 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.17.74.4181 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
index 59a726c..0548501 100644 (file)
@@ -40,10 +40,15 @@ if (!is_array($users_for_swap) || sizeof($users_for_swap) == 0) {
   header('Location: access_denied.php');
   exit();
 }
-
 if ($request->isPost()) {
-  $cl_id = $request->getParameter('swap_with');
+  $user_id = (int)$request->getParameter('swap_with');
+  $user_details = $user->getUser($user_id);
+  if (!$user_details) {
+    header('Location: access_denied.php');
+    exit();
+  }
 }
+// End of access checks.
 
 $form = new Form('swapForm');
 $form->addInput(array('type'=>'combobox','name'=>'swap_with','style'=>'width: 250px;','data'=>$users_for_swap,'datakeys'=>array('id','name')));
@@ -52,7 +57,7 @@ $form->addInput(array('type'=>'submit','name'=>'btn_cancel','value'=>$i18n->get(
 
 if ($request->isPost()) {
   if ($request->getParameter('btn_submit')) {
-    if (ttTeamHelper::swapRolesWith($cl_id)) {
+    if (ttTeamHelper::swapRolesWith($user_id)) {
       header('Location: users.php');
       exit();
     } else
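Review bot: The new POST check in the first hunk, at `$user_details = $user->getUser($user_id);`, only confirms that the submitted id refers to an existing user; it does not confirm that the id is one of the `$users_for_swap` entries the page offered, so the page-level check is looser than the list it builds and the team/rank restriction is then enforced only by the SQL inside the helper. Consider also rejecting ids outside the offered list, e.g. `$allowed_ids = array_column($users_for_swap, 'id');` followed by `if (!in_array($user_id, $allowed_ids)) { header('Location: access_denied.php'); exit(); }` placed after the `$user_details` check; the `datakeys` on the form input suggest each entry carries an `id` key, but confirm the shape of `$users_for_swap`, which is built outside the hunk, and avoid a strict comparison there if the ids come back from the database as strings. The rename to `$user_id` in the second hunk is consistent with the first.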