Home Explore Help
Sign In
iProspective
/
dolibarr
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Fix CWE-269 huntr

Laurent Destailleur 4 years ago
parent
11fa523070
commit
4df70dc3f4
6 changed files with 40 additions and 21 deletions
Split View Show Diff Stats
  1. 1 1
      htdocs/ecm/dir_add_card.php
  2. 10 4
      htdocs/ecm/dir_card.php
  3. 9 5
      htdocs/ecm/file_card.php
  4. 8 5
      htdocs/ecm/file_note.php
  5. 6 6
      htdocs/ecm/index.php
  6. 6 0
      htdocs/ecm/search.php

+ 1 - 1
htdocs/ecm/dir_add_card.php
View File 

@@ -188,7 +188,7 @@ if ($action == 'add' && $permtoadd) {
 
 			exit;
 
 		}
 
 	}
 
-} elseif ($action == 'confirm_deletesection' && $confirm == 'yes') {
 
+} elseif ($action == 'confirm_deletesection' && $confirm == 'yes' && $permtoadd) {
 
 	// Deleting file
 
 	$result = $ecmdir->delete($user);
 
 	setEventMessages($langs->trans("ECMSectionWasRemoved", $ecmdir->label), null, 'mesgs');

+ 10 - 4
htdocs/ecm/dir_card.php
View File 

@@ -88,17 +88,23 @@ if ($module == 'ecm') {
 
 }
 
 
 // Permissions
 
+$permtoread = 0;
 
 $permtoadd = 0;
 
 $permtoupload = 0;
 
 if ($module == 'ecm') {
 
+	$permtoread = $user->rights->ecm->read;
 
 	$permtoadd = $user->rights->ecm->setup;
 
 	$permtoupload = $user->rights->ecm->upload;
 
 }
 
 if ($module == 'medias') {
 
+	$permtoread = ($user->rights->mailing->lire || $user->rights->website->read);
 
 	$permtoadd = ($user->rights->mailing->creer || $user->rights->website->write);
 
 	$permtoupload = ($user->rights->mailing->creer || $user->rights->website->write);
 
 }
 
 
+if (!$permtoread) {
 
+	accessforbidden();
 
+}
 
 
 
 /*
 
@@ -106,7 +112,7 @@ if ($module == 'medias') {
 
  */
 
 
 // Upload file
 
-if (GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC)) {
 
+if (GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC) && $permtoupload) {
 
 	if (dol_mkdir($upload_dir) >= 0) {
 
 		$resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir."/".dol_unescapefile($_FILES['userfile']['name']), 0, 0, $_FILES['userfile']['error']);
 
 		if (is_numeric($resupload) && $resupload > 0) {
 
@@ -131,7 +137,7 @@ if (GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC)) {
 
 }
 
 
 // Remove file
 
-if ($action == 'confirm_deletefile' && $confirm == 'yes') {
 
+if ($action == 'confirm_deletefile' && $confirm == 'yes' && $permtoupload) {
 
 	$langs->load("other");
 
 	$file = $upload_dir."/".GETPOST('urlfile'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
 
 	$ret = dol_delete_file($file);
 
@@ -145,7 +151,7 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes') {
 
 }
 
 
 // Remove dir
 
-if ($action == 'confirm_deletedir' && $confirm == 'yes') {
 
+if ($action == 'confirm_deletedir' && $confirm == 'yes' && $permtoupload) {
 
 	$backtourl = DOL_URL_ROOT."/ecm/index.php";
 
 	if ($module == 'medias') {
 
 		$backtourl = DOL_URL_ROOT."/website/index.php?file_manager=1";
 
@@ -181,7 +187,7 @@ if ($action == 'confirm_deletedir' && $confirm == 'yes') {
 
 }
 
 
 // Update dirname or description
 
-if ($action == 'update' && !GETPOST('cancel', 'alpha')) {
 
+if ($action == 'update' && !GETPOST('cancel', 'alpha') && $permtoadd) {
 
 	$error = 0;
 
 
 	if ($module == 'ecm') {

+ 9 - 5
htdocs/ecm/file_card.php
View File 

@@ -36,10 +36,6 @@ $action = GETPOST('action', 'aZ09');
 
 $cancel = GETPOST('cancel', 'alpha');
 
 $backtopage = GETPOST('backtopage', 'alpha');
 
 
-if (!$user->rights->ecm->setup) {
 
-	accessforbidden();
 
-}
 
-
 
 // Get parameters
 
 $socid = GETPOST("socid", "int");
 
 
@@ -105,6 +101,14 @@ if ($result < 0) {
 
 	exit;
 
 }
 
 
+// Permissions
 
+$permtoread = $user->rights->ecm->read;
 
+$permtoadd = $user->rights->ecm->setup;
 
+$permtoupload = $user->rights->ecm->upload;
 
+
 
+if (!$permtoread) {
 
+	accessforbidden();
 
+}
 
 
 
 /*
 
@@ -123,7 +127,7 @@ if ($cancel) {
 
 }
 
 
 // Rename file
 
-if ($action == 'update') {
 
+if ($action == 'update' && $permtoadd) {
 
 	$error = 0;
 
 
 	$oldlabel = GETPOST('urlfile', 'alpha');

+ 8 - 5
htdocs/ecm/file_note.php
View File 

@@ -22,7 +22,7 @@
 
 /**
 
  *  \file       htdocs/ecm/file_note.php
 
  *  \ingroup    ecm
 
- *  \brief      Fiche de notes sur une ecm file
 
+ *  \brief      Tab for notes on an ECM file
 
  */
 
 
 require '../main.inc.php';
 
@@ -39,10 +39,6 @@ $ref = GETPOST('ref', 'alpha');
 
 $socid = GETPOST('socid', 'int');
 
 $action = GETPOST('action', 'aZ09');
 
 
-if (!$user->rights->ecm->setup) {
 
-	accessforbidden();
 
-}
 
-
 
 // Get parameters
 
 $socid = GETPOST("socid", "int");
 
 // Security check
 
@@ -109,6 +105,13 @@ if ($result < 0) {
 
 
 $permissionnote = $user->rights->ecm->setup; // Used by the include of actions_setnotes.inc.php
 
 
+$permtoread = $user->rights->ecm->read;
 
+
 
+if (!$permtoread) {
 
+	accessforbidden();
 
+}
 
+
 
+
 
 /*
 
  * Actions
 
  */

+ 6 - 6
htdocs/ecm/index.php
View File 

@@ -34,12 +34,6 @@ require_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmdirectory.class.php';
 
 // Load translation files required by the page
 
 $langs->loadLangs(array("ecm", "companies", "other", "users", "orders", "propal", "bills", "contracts"));
 
 
-// Security check
 
-if ($user->socid) {
 
-	$socid = $user->socid;
 
-}
 
-$result = restrictedArea($user, 'ecm', 0);
 
-
 
 // Get parameters
 
 $socid = GETPOST('socid', 'int');
 
 $action = GETPOST('action', 'aZ09');
 
@@ -81,6 +75,12 @@ $userstatic = new User($db);
 
 
 $error = 0;
 
 
+// Security check
 
+if ($user->socid) {
 
+	$socid = $user->socid;
 
+}
 
+$result = restrictedArea($user, 'ecm', 0);
 
+
 
 
 /*
 
  *	Actions

+ 6 - 0
htdocs/ecm/search.php
View File 

@@ -84,6 +84,12 @@ if (!empty($section)) {
 
 	}
 
 }
 
 
+$permtoread = $user->rights->ecm->read;
 
+
 
+if (!$permtoread) {
 
+	accessforbidden();
 
+}
 
+
 
 
 /*
 
  * Actions