From 2f5b2dc68a73954b497c7aaa3223be7f3db1d117 Mon Sep 17 00:00:00 2001 From: Nik Okuntseff Date: Mon, 26 Mar 2018 19:18:51 +0000 Subject: [PATCH] Improved access checks for swap_roles.php. --- WEB-INF/lib/ttTeamHelper.class.php | 1 + WEB-INF/templates/footer.tpl | 2 +- swap_roles.php | 11 ++++++++--- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/WEB-INF/lib/ttTeamHelper.class.php b/WEB-INF/lib/ttTeamHelper.class.php index 5aeee219..fb74d8e1 100644 --- a/WEB-INF/lib/ttTeamHelper.class.php +++ b/WEB-INF/lib/ttTeamHelper.class.php @@ -108,6 +108,7 @@ class ttTeamHelper { global $user; $mdb2 = getConnection(); + // Obtain role id for the user we are swapping ourselves with. $sql = "select u.id, u.role_id from tt_users u left join tt_roles r on (u.role_id = r.id) where u.id = $user_id and u.team_id = $user->team_id and u.status = 1 and r.rank < $user->rank"; $res = $mdb2->query($sql); if (is_a($res, 'PEAR_Error')) diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl index 9defcca8..6646f126 100644 --- a/WEB-INF/templates/footer.tpl +++ b/WEB-INF/templates/footer.tpl @@ -12,7 +12,7 @@
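Review bot: The query the new comment describes still interpolates `$user_id` straight into the SQL string (`where u.id = $user_id ...`), so the helper's safety depends on every caller casting first, as swap_roles.php now does; the guard belongs in the helper too, e.g. `$user_id = (int)$user_id;` before `$sql` is built, or quoting through the MDB2 connection. The comment could also state the rank and team restriction the query enforces, since that is what makes this an access check: `// Obtain role id for the user we are swapping ourselves with; restricted to an active member of our team with a lower rank.` The enclosing function starts and ends outside the hunk, so whether `$user_id` is validated on entry cannot be seen here.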
-
 Anuko Time Tracker 1.17.74.4180 | Copyright © Anuko | +  Anuko Time Tracker 1.17.74.4181 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve} diff --git a/swap_roles.php b/swap_roles.php index 59a726c5..05485018 100644 --- a/swap_roles.php +++ b/swap_roles.php @@ -40,10 +40,15 @@ if (!is_array($users_for_swap) || sizeof($users_for_swap) == 0) { header('Location: access_denied.php'); exit(); } - if ($request->isPost()) { - $cl_id = $request->getParameter('swap_with'); + $user_id = (int)$request->getParameter('swap_with'); + $user_details = $user->getUser($user_id); + if (!$user_details) { + header('Location: access_denied.php'); + exit(); + } } +// End of access checks. $form = new Form('swapForm'); $form->addInput(array('type'=>'combobox','name'=>'swap_with','style'=>'width: 250px;','data'=>$users_for_swap,'datakeys'=>array('id','name'))); @@ -52,7 +57,7 @@ $form->addInput(array('type'=>'submit','name'=>'btn_cancel','value'=>$i18n->get( if ($request->isPost()) { if ($request->getParameter('btn_submit')) { - if (ttTeamHelper::swapRolesWith($cl_id)) { + if (ttTeamHelper::swapRolesWith($user_id)) { header('Location: users.php'); exit(); } else -- 2.20.1
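Review bot: The new access check only establishes that `swap_with` resolves to a user via `$user->getUser($user_id)`; what getUser enforces about team membership or rank is not visible in this hunk, and the id is never compared against `$users_for_swap`, the list (built before the hunk) that the form below offers with `'datakeys'=>array('id','name')`. The swapRolesWith query in the ttTeamHelper.class.php hunk does restrict the target to an active, lower-ranked member of the same team, so an out-of-list id should fail there, but the guard at this point would be tighter and self-explanatory if it checked the list directly: `if (!in_array($user_id, array_map('intval', array_column($users_for_swap, 'id')), true)) { header('Location: access_denied.php'); exit(); }`. The `(int)` cast turns a missing or non-numeric `swap_with` into 0, so the redirect relies on getUser(0) being falsy; a one-line comment saying so would help the next reader. `$user_id` exists only on POST, which the second hunk's call inside `isPost()` respects.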