mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-07-31 03:40:37 +02:00
Code Issues Releases Wiki Activity

global variable killed, additional getperms() security

Browse Source
This commit is contained in:
secretr
2009-09-12 16:42:44 +00:00
parent 891176fa97
commit bf4a817ffe
1 changed files with 11 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
class2.php
View File

@@ -9,9 +9,9 @@
* General purpose file * General purpose file
* *
* $Source: /cvs_backup/e107_0.8/class2.php,v $ * $Source: /cvs_backup/e107_0.8/class2.php,v $
* $Revision: 1.140 $ * $Revision: 1.141 $
* $Date: 2009-09-10 10:23:12 $ * $Date: 2009-09-12 16:42:44 $
* $Author: e107coders $ * $Author: secretr $
* *
*/ */
// //
@@ -1334,17 +1334,18 @@ function check_class($var, $userclass = USERCLASS_LIST, $uid = 0)
function getperms($arg, $ap = ADMINPERMS) function getperms($arg, $ap = ADMINPERMS)
{ {
global $PLUGINS_DIRECTORY; if (trim($ap) === '')
if ($ap == '0')
{
return true;
}
if ($ap == '')
{ {
return false; return false;
} }
if ($ap === '0')
{
return true;
}
$ap='.'.$ap; $ap='.'.$ap;
if ($arg == 'P' && preg_match("#(.*?)/".$PLUGINS_DIRECTORY."(.*?)/(.*?)#", e_SELF, $matches)) if ($arg == 'P' && preg_match("#(.*?)/".e107::getInstance()->getFolder('plugins')."(.*?)/(.*?)#", e_SELF, $matches))
{ {
$psql=new db; $psql=new db;
if ($psql->db_Select('plugin', 'plugin_id', "plugin_path = '".$matches[2]."' ")) if ($psql->db_Select('plugin', 'plugin_id', "plugin_path = '".$matches[2]."' "))