
Fix CWE-269 huntr

Laurent Destailleur 4 years ago
parent
commit
4df70dc3f4

+ 1 - 1
htdocs/ecm/dir_add_card.php

@@ -188,7 +188,7 @@ if ($action == 'add' && $permtoadd) {
 			exit;
 		}
 	}
-} elseif ($action == 'confirm_deletesection' && $confirm == 'yes') {
+} elseif ($action == 'confirm_deletesection' && $confirm == 'yes' && $permtoadd) {
 	// Deleting file
 	$result = $ecmdir->delete($user);
 	setEventMessages($langs->trans("ECMSectionWasRemoved", $ecmdir->label), null, 'mesgs');
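Review bot: A request without `$permtoadd` now just falls through the `elseif` at line 191 — no error, no `accessforbidden()`, no trace — so a forbidden section delete is silently ignored rather than refused. The other pages in this commit reject missing rights explicitly at page level; for a destructive action an explicit refusal is more consistent and leaves evidence of the attempt, e.g. `} elseif ($action == 'confirm_deletesection' && $confirm == 'yes') { if (!$permtoadd) { accessforbidden(); }` followed by the existing delete code. The branch also deletes on `$confirm == 'yes'` alone; whether a CSRF token is enforced for it depends on main.inc.php, which is not visible here. The action chain begins before this hunk and the delete branch continues after it.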

+ 10 - 4
htdocs/ecm/dir_card.php

@@ -88,17 +88,23 @@ if ($module == 'ecm') {
 }
 
 // Permissions
+$permtoread = 0;
 $permtoadd = 0;
 $permtoupload = 0;
 if ($module == 'ecm') {
+	$permtoread = $user->rights->ecm->read;
 	$permtoadd = $user->rights->ecm->setup;
 	$permtoupload = $user->rights->ecm->upload;
 }
 if ($module == 'medias') {
+	$permtoread = ($user->rights->mailing->lire || $user->rights->website->read);
 	$permtoadd = ($user->rights->mailing->creer || $user->rights->website->write);
 	$permtoupload = ($user->rights->mailing->creer || $user->rights->website->write);
 }
 
+if (!$permtoread) {
+	accessforbidden();
+}
 
 
 /*
@@ -106,7 +112,7 @@ if ($module == 'medias') {
  */
 
 // Upload file
-if (GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC)) {
+if (GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC) && $permtoupload) {
 	if (dol_mkdir($upload_dir) >= 0) {
 		$resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir."/".dol_unescapefile($_FILES['userfile']['name']), 0, 0, $_FILES['userfile']['error']);
 		if (is_numeric($resupload) && $resupload > 0) {
@@ -131,7 +137,7 @@ if (GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC)) {
 }
 
 // Remove file
-if ($action == 'confirm_deletefile' && $confirm == 'yes') {
+if ($action == 'confirm_deletefile' && $confirm == 'yes' && $permtoupload) {
 	$langs->load("other");
 	$file = $upload_dir."/".GETPOST('urlfile'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
 	$ret = dol_delete_file($file);
@@ -145,7 +151,7 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes') {
 }
 
 // Remove dir
-if ($action == 'confirm_deletedir' && $confirm == 'yes') {
+if ($action == 'confirm_deletedir' && $confirm == 'yes' && $permtoupload) {
 	$backtourl = DOL_URL_ROOT."/ecm/index.php";
 	if ($module == 'medias') {
 		$backtourl = DOL_URL_ROOT."/website/index.php?file_manager=1";
@@ -181,7 +187,7 @@ if ($action == 'confirm_deletedir' && $confirm == 'yes') {
 }
 
 // Update dirname or description
-if ($action == 'update' && !GETPOST('cancel', 'alpha')) {
+if ($action == 'update' && !GETPOST('cancel', 'alpha') && $permtoadd) {
 	$error = 0;
 
 	if ($module == 'ecm') {
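Review bot: The `confirm_deletedir` branch at line 154 is gated on `$permtoupload`, while the equivalent section delete in dir_add_card.php in this same commit requires `$permtoadd` (`ecm->setup`), so for the `ecm` module a user holding only `ecm->upload` can still remove a directory through this page. Directory creation and removal are setup-level operations on the sibling page, so I would align this one condition: `if ($action == 'confirm_deletedir' && $confirm == 'yes' && $permtoadd) {`. For `medias` the two variables are the same expression, so nothing changes there. Separately, the delete-file branch still builds its path from `GETPOST('urlfile')` with no sanitizer (line 142, context); whether `dol_delete_file()` rejects `..` segments is not visible here and is worth confirming.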

+ 9 - 5
htdocs/ecm/file_card.php

@@ -36,10 +36,6 @@ $action = GETPOST('action', 'aZ09');
 $cancel = GETPOST('cancel', 'alpha');
 $backtopage = GETPOST('backtopage', 'alpha');
 
-if (!$user->rights->ecm->setup) {
-	accessforbidden();
-}
-
 // Get parameters
 $socid = GETPOST("socid", "int");
 
@@ -105,6 +101,14 @@ if ($result < 0) {
 	exit;
 }
 
+// Permissions
+$permtoread = $user->rights->ecm->read;
+$permtoadd = $user->rights->ecm->setup;
+$permtoupload = $user->rights->ecm->upload;
+
+if (!$permtoread) {
+	accessforbidden();
+}
 
 
 /*
@@ -123,7 +127,7 @@ if ($cancel) {
 }
 
 // Rename file
-if ($action == 'update') {
+if ($action == 'update' && $permtoadd) {
 	$error = 0;
 
 	$oldlabel = GETPOST('urlfile', 'alpha');
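Review bot: The `ecm->read` gate added at lines 105-112 now runs after the lookup whose failure path is `if ($result < 0) { ... exit; }` (lines 101-103), whereas the check it replaces (old line 39) ran before any parameter handling, so a user with no ECM right at all now executes whatever lies between the two positions (presumably an object fetch; those lines are outside the hunk) and, on a bad id, gets that lookup's error instead of the forbidden page. All three permission variables depend only on `$user->rights`, so the whole block can sit where the old check stood, directly after `$backtopage = GETPOST('backtopage', 'alpha');`, with `if (!$permtoread) { accessforbidden(); }` immediately following the assignments. `$permtoupload` is assigned but not read in any visible hunk; if nothing later uses it, drop it rather than leave a dead permission flag.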

+ 8 - 5
htdocs/ecm/file_note.php

@@ -22,7 +22,7 @@
 /**
  *  \file       htdocs/ecm/file_note.php
  *  \ingroup    ecm
- *  \brief      Fiche de notes sur une ecm file
+ *  \brief      Tab for notes on an ECM file
  */
 
 require '../main.inc.php';
@@ -39,10 +39,6 @@ $ref = GETPOST('ref', 'alpha');
 $socid = GETPOST('socid', 'int');
 $action = GETPOST('action', 'aZ09');
 
-if (!$user->rights->ecm->setup) {
-	accessforbidden();
-}
-
 // Get parameters
 $socid = GETPOST("socid", "int");
 // Security check
@@ -109,6 +105,13 @@ if ($result < 0) {
 
 $permissionnote = $user->rights->ecm->setup; // Used by the include of actions_setnotes.inc.php
 
+$permtoread = $user->rights->ecm->read;
+
+if (!$permtoread) {
+	accessforbidden();
+}
+
+
 /*
  * Actions
  */
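Review bot: Same ordering concern as file_card.php: the `$permtoread` gate at lines 108-112 sits after the `$result < 0` path and after `$permissionnote` is computed, while the check it replaces (old line 42) ran before the parameters were read. A `// Security check` follows at line 41 whose body is outside the hunk, so some earlier restriction may already apply, but since `$permtoread` derives only from `$user->rights->ecm->read` there is no reason to delay it; I would move `$permtoread = $user->rights->ecm->read; if (!$permtoread) { accessforbidden(); }` back to where the old block was so nothing in between runs for a user who cannot read the module.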

+ 6 - 6
htdocs/ecm/index.php

@@ -34,12 +34,6 @@ require_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmdirectory.class.php';
 // Load translation files required by the page
 $langs->loadLangs(array("ecm", "companies", "other", "users", "orders", "propal", "bills", "contracts"));
 
-// Security check
-if ($user->socid) {
-	$socid = $user->socid;
-}
-$result = restrictedArea($user, 'ecm', 0);
-
 // Get parameters
 $socid = GETPOST('socid', 'int');
 $action = GETPOST('action', 'aZ09');
@@ -81,6 +75,12 @@ $userstatic = new User($db);
 
 $error = 0;
 
+// Security check
+if ($user->socid) {
+	$socid = $user->socid;
+}
+$result = restrictedArea($user, 'ecm', 0);
+
 
 /*
  *	Actions

+ 6 - 0
htdocs/ecm/search.php

@@ -84,6 +84,12 @@ if (!empty($section)) {
 	}
 }
 
+$permtoread = $user->rights->ecm->read;
+
+if (!$permtoread) {
+	accessforbidden();
+}
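Review bot: The new `ecm->read` gate at lines 88-92 comes after the `if (!empty($section))` block that closes at line 86, so whatever that block does with the user-supplied section (presumably a directory lookup; its body is outside the hunk) executes before the permission is checked. Unless a `restrictedArea()` call earlier in the file already covers it — not visible here — I would move `$permtoread = $user->rights->ecm->read; if (!$permtoread) { accessforbidden(); }` up to directly after the parameters are read, as the check depends on nothing but `$user->rights`.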
+
 
 /*
  * Actions