From a4cefb9b281b9f7d6aeb8caa1ce2cf11101675a0 Mon Sep 17 00:00:00 2001 From: Miles Lott Date: Fri, 28 Dec 2001 16:29:27 +0000 Subject: [PATCH] Add acl check for app access prior to list_methods() call --- phpgwapi/inc/class.xmlrpc_server.inc.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/phpgwapi/inc/class.xmlrpc_server.inc.php b/phpgwapi/inc/class.xmlrpc_server.inc.php index 088f8cb6ba..985d358762 100644 --- a/phpgwapi/inc/class.xmlrpc_server.inc.php +++ b/phpgwapi/inc/class.xmlrpc_server.inc.php @@ -307,13 +307,17 @@ $methName = $tmp[2]; $service = $tmp[1]; $class = $tmp[0]; + if (ereg('^service',$method)) { $t = 'phpgwapi.' . $class . '.exec'; $dmap = ExecMethod($t,array($service,'list_methods','xmlrpc')); } - else + elseif($GLOBALS['phpgw']->acl->check('run',1,$class)) { + /* This only happens if they have app access. If not, we will + * return a fault below. + */ $listmeth = $tmp[0] . '.' . $service . '.' . 'list_methods'; $dmap = ExecMethod($listmeth,'xmlrpc'); }