From c15b80c30c6d286a3ed719475b2595e121b9e390 Mon Sep 17 00:00:00 2001
From: marj
Date: Tue, 29 Sep 2009 09:25:35 +0000
Subject: [PATCH] Add a security layer to getperms()
---
 class2.php | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/class2.php b/class2.php
index 9ed97a2c5..b924ad5ba 100644
--- a/class2.php
+++ b/class2.php
@@ -9,9 +9,9 @@
 * General purpose file
 *
 * $Source: /cvs_backup/e107_0.8/class2.php,v $
-* $Revision: 1.146 $
-* $Date: 2009-09-25 20:21:30 $
-* $Author: secretr $
+* $Revision: 1.147 $
+* $Date: 2009-09-29 09:25:07 $
+* $Author: marj_nl_fr $
 *
 */
 //
@@ -1346,7 +1346,7 @@ function check_class($var, $userclass = USERCLASS_LIST, $uid = 0)
 function getperms($arg, $ap = ADMINPERMS)
 {
- if (trim($ap) === '')
+ if( ! ADMIN || trim($ap) === '')
 {
 return false;
 }
@@ -1356,14 +1356,14 @@ function getperms($arg, $ap = ADMINPERMS)
 return true;
 }
- $ap='.'.$ap;
+ $ap = '.'.$ap;
 if ($arg == 'P' && preg_match("#(.*?)/".e107::getInstance()->getFolder('plugins')."(.*?)/(.*?)#", e_SELF, $matches))
 {
- $psql=new db;
+ $psql = new db;
 if ($psql->db_Select('plugin', 'plugin_id', "plugin_path = '".$matches[2]."' "))
 {
- $row=$psql->db_Fetch();
- $arg='P'.$row[0];
+ $row = $psql->db_Fetch();
+ $arg = 'P'.$row[0];
 }
 }
@@ -1372,9 +1372,9 @@ function getperms($arg, $ap = ADMINPERMS)
 {
 return true;
 }
- elseif(strpos($arg,"|")) // check for multiple perms - separated by '|'.
+ elseif(strpos($arg, "|")) // check for multiple perms - separated by '|'.
 {
- $tmp = explode("|",$arg);
+ $tmp = explode("|", $arg);
 foreach($tmp as $val)
 {
 if (strpos($ap, '.'.$val.'.') !== false)
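Review bot: The new `! ADMIN` test at the top of `getperms()` (hunk `@@ -1346,7 +1346,7 @@`) fails open if the `ADMIN` constant is not yet defined when the function runs, because before PHP 8 a bare undefined constant evaluates to the truthy string `'ADMIN'` and the guard is skipped with only a notice. Whether `ADMIN` is always defined before the first call is not visible in this hunk, so the check should not depend on it: `if (!defined('ADMIN') || !ADMIN || trim($ap) === '')`. The guard also makes the result depend on the current session even when a caller passes an explicit `$ap`, which is worth stating in a comment above the test, for example `// Non-admin sessions are denied every permission, whatever $ap is passed in.` The body of `getperms()` continues outside this hunk.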