From bd5fc3ed119d82794eb0653e06455e14f5cea53f Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Mon, 20 Jun 2016 11:48:28 +0200 Subject: [PATCH] fix admin was not able to see devices and logs of an other user, if he opened that users preferences via admin context-menu --- api/src/CalDAV/Hooks.php | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/api/src/CalDAV/Hooks.php b/api/src/CalDAV/Hooks.php index 512b0fa0f9..4fd3475054 100644 --- a/api/src/CalDAV/Hooks.php +++ b/api/src/CalDAV/Hooks.php @@ -107,10 +107,11 @@ class Hooks $logs = array(); if (file_exists($log_dir=$GLOBALS['egw_info']['server']['files_dir'].'/groupdav') && ($files = scandir($log_dir))) { - $account_lid_len = strlen($GLOBALS['egw_info']['user']['account_lid']); + $account_lid = Api\Accounts::id2name($hook_data['account_id']); + $account_lid_len = strlen($account_lid); foreach($files as $log) { - if (substr($log,0,$account_lid_len+1) == $GLOBALS['egw_info']['user']['account_lid'].'-' && + if (substr($log,0,$account_lid_len+1) == $account_lid.'-' && substr($log,-4) == '.log') { $logs['groupdav/'.$log] = Api\DateTime::to(filemtime($log_dir.'/'.$log)).': '. @@ -153,7 +154,9 @@ class Hooks public static function log() { $filename = $_GET['filename']; - if (!preg_match('|^groupdav/'.preg_quote($GLOBALS['egw_info']['user']['account_lid'],'|').'-[^/]+\.log$|',$filename)) + $matches = null; + if (!preg_match('|^groupdav/'.($GLOBALS['egw_info']['user']['apps']['admin'] ? '[^-]+' : + preg_quote($GLOBALS['egw_info']['user']['account_lid'], '|')).'-(.*)\.log$|', $filename, $matches)) { throw new Api\Exception\WrongParameter("Access denied to file '$filename'!"); } @@ -161,8 +164,7 @@ class Hooks body { background-color: #e0e0e0; overflow: hidden; } pre.tail { background-color: white; padding-left: 5px; margin-left: 5px; } '; - $header = str_replace('!','/',substr($filename,10+strlen($GLOBALS['egw_info']['user']['account_lid']),-4)); $tail = new Api\Json\Tail($filename); - $GLOBALS['egw']->framework->render($tail->show($header),false,false); + $GLOBALS['egw']->framework->render($tail->show(str_replace('!', '/', $matches[1])),false,false); } } \ No newline at end of file