fix admin was not able to see devices and logs of an other user, if he opened that users preferences via admin context-menu

Ralf Becker 2016-06-20 11:48:28 +02:00
parent 65a26d707a
commit bd5fc3ed11


@ -107,10 +107,11 @@ class Hooks
$logs = array(); $logs = array();
if (file_exists($log_dir=$GLOBALS['egw_info']['server']['files_dir'].'/groupdav') && ($files = scandir($log_dir))) if (file_exists($log_dir=$GLOBALS['egw_info']['server']['files_dir'].'/groupdav') && ($files = scandir($log_dir)))
{ {
$account_lid_len = strlen($GLOBALS['egw_info']['user']['account_lid']); $account_lid = Api\Accounts::id2name($hook_data['account_id']);
$account_lid_len = strlen($account_lid);
foreach($files as $log) foreach($files as $log)
{ {
if (substr($log,0,$account_lid_len+1) == $GLOBALS['egw_info']['user']['account_lid'].'-' && if (substr($log,0,$account_lid_len+1) == $account_lid.'-' &&
substr($log,-4) == '.log') substr($log,-4) == '.log')
{ {
$logs['groupdav/'.$log] = Api\DateTime::to(filemtime($log_dir.'/'.$log)).': '. $logs['groupdav/'.$log] = Api\DateTime::to(filemtime($log_dir.'/'.$log)).': '.
@ -153,7 +154,9 @@ class Hooks
public static function log() public static function log()
{ {
$filename = $_GET['filename']; $filename = $_GET['filename'];
if (!preg_match('|^groupdav/'.preg_quote($GLOBALS['egw_info']['user']['account_lid'],'|').'-[^/]+\.log$|',$filename)) $matches = null;
if (!preg_match('|^groupdav/'.($GLOBALS['egw_info']['user']['apps']['admin'] ? '[^-]+' :
preg_quote($GLOBALS['egw_info']['user']['account_lid'], '|')).'-(.*)\.log$|', $filename, $matches))
{ {
throw new Api\Exception\WrongParameter("Access denied to file '$filename'!"); throw new Api\Exception\WrongParameter("Access denied to file '$filename'!");
} }
@ -161,8 +164,7 @@ class Hooks
body { background-color: #e0e0e0; overflow: hidden; } body { background-color: #e0e0e0; overflow: hidden; }
pre.tail { background-color: white; padding-left: 5px; margin-left: 5px; } pre.tail { background-color: white; padding-left: 5px; margin-left: 5px; }
'; ';
$header = str_replace('!','/',substr($filename,10+strlen($GLOBALS['egw_info']['user']['account_lid']),-4));
$tail = new Api\Json\Tail($filename); $tail = new Api\Json\Tail($filename);
$GLOBALS['egw']->framework->render($tail->show($header),false,false); $GLOBALS['egw']->framework->render($tail->show(str_replace('!', '/', $matches[1])),false,false);
} }
} }
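Review bot: In log(), the rewritten pattern no longer confines the requested name to the groupdav directory: the old tail `-[^/]+\.log$` rejected any slash after the account prefix, while the new `-(.*)\.log$` accepts slashes and `..` segments, and that relaxation applies to non-admin users as well as admins. The admin alternative `[^-]+` likewise allows a slash before the first hyphen, and it will not match account names that themselves contain a hyphen. Since `$filename` comes straight from `$_GET` and is handed to `Api\Json\Tail`, I would keep the slash exclusion in both parts, e.g. `'[^-/]+'` for the admin branch and `'-([^/]+)\.log$|'` for the capture. How Tail resolves the path is not visible in this section, so the impact is inferred; a short comment above the preg_match saying that it is the access check for the file would make the constraint harder to loosen by accident.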