extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-08 17:14:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add acl check for app access prior to list_methods() call

Browse Source
This commit is contained in:
Miles Lott 2001-12-28 16:29:27 +00:00
parent 95da5b6f10
commit a4cefb9b28
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
phpgwapi/inc/class.xmlrpc_server.inc.php
View File

@ -307,13 +307,17 @@
$methName = $tmp[2]; $methName = $tmp[2];
$service = $tmp[1]; $service = $tmp[1];
$class = $tmp[0]; $class = $tmp[0];
if (ereg('^service',$method)) if (ereg('^service',$method))
{ {
$t = 'phpgwapi.' . $class . '.exec'; $t = 'phpgwapi.' . $class . '.exec';
$dmap = ExecMethod($t,array($service,'list_methods','xmlrpc')); $dmap = ExecMethod($t,array($service,'list_methods','xmlrpc'));
} }
else elseif($GLOBALS['phpgw']->acl->check('run',1,$class))
{ {
/* This only happens if they have app access. If not, we will
* return a fault below.
*/
$listmeth = $tmp[0] . '.' . $service . '.' . 'list_methods'; $listmeth = $tmp[0] . '.' . $service . '.' . 'list_methods';
$dmap = ExecMethod($listmeth,'xmlrpc'); $dmap = ExecMethod($listmeth,'xmlrpc');
} }