extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2024-12-27 09:09:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix invalid actions on session/access log still enabled

Browse Source
This commit is contained in:
Nathan Gray 2014-05-26 17:39:59 +00:00
parent fca003d78d
commit 135b6cda37
2 changed files with 2 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
admin/inc/class.admin_accesslog.inc.php
View File

@ -93,22 +93,14 @@ class admin_accesslog
// eg. for bad login or password // eg. for bad login or password
if (!$row['account_id']) $row['alt_loginid'] = ($row['loginid']?$row['loginid']:lang('none')); if (!$row['account_id']) $row['alt_loginid'] = ($row['loginid']?$row['loginid']:lang('none'));
$readonlys['kill['.$row['sessionid'].']'] = $no_kill;
$readonlys['delete['.$row['sessionid'].']'] = $query['session_list'];
// do not allow to kill or select own session // do not allow to kill or select own session
if ($GLOBALS['egw']->session->sessionid_access_log == $row['sessionid'] && $query['session_list']) if ($GLOBALS['egw']->session->sessionid_access_log == $row['sessionid'] && $query['session_list'])
{ {
$readonlys['kill['.$row['sessionid'].']'] = $readonlys['selected['.$row['sessionid'].']'] = true;
$readonlys["kill[$row[sessionid]]"]= true;
$row['class'] .= ' rowNoDelete '; $row['class'] .= ' rowNoDelete ';
} }
// do not allow to delete access log off active sessions // do not allow to delete access log off active sessions
if (!$row['lo'] && $row['session_dla'] > time()-$GLOBALS['egw_info']['server']['sessions_timeout'] && !$query['session_list']) if (!$row['lo'] && $row['session_dla'] > time()-$GLOBALS['egw_info']['server']['sessions_timeout'] && !$query['session_list'])
{ {
$readonlys['delete['.$row['sessionid'].']'] = $readonlys['selected['.$row['sessionid'].']'] = true;
$readonlys["delete[$row[sessionid]]"]= true;
$row['class'] .= ' rowNoDelete '; $row['class'] .= ' rowNoDelete ';
} }
unset($row['session_php']); // for security reasons, do NOT give real PHP sessionid to UI unset($row['session_php']); // for security reasons, do NOT give real PHP sessionid to UI
@ -314,6 +306,7 @@ class admin_accesslog
'confirm' => 'Kill this session', 'confirm' => 'Kill this session',
'confirm_multiple' => 'Kill these sessions', 'confirm_multiple' => 'Kill these sessions',
'group' => $group, 'group' => $group,
'disableClass' => 'rowNoDelete',
), ),
); );

2
admin/templates/default/accesslog.xet
View File

@ -26,7 +26,7 @@
<nextmatch-sortheader label="Idle" id="session_dla"/> <nextmatch-sortheader label="Idle" id="session_dla"/>
<nextmatch-sortheader label="User-Agent" id="user_agent"/> <nextmatch-sortheader label="User-Agent" id="user_agent"/>
</row> </row>
<row class="row"> <row class="row $row_cont[class]">
<hbox> <hbox>
<menulist> <menulist>
<menupopup type="select-account" label="" id="${row}[account_id]" readonly="true"/> <menupopup type="select-account" label="" id="${row}[account_id]" readonly="true"/>