[Mapbender-commits] r2142 - branches/2.5/http/php

svn_mapbender at osgeo.org svn_mapbender at osgeo.org
Fri Feb 22 10:11:53 EST 2008 

Author: christoph
Date: 2008-02-22 10:11:53 -0500 (Fri, 22 Feb 2008)
New Revision: 2142

Modified:
   branches/2.5/http/php/mb_validatePermission.php
   branches/2.5/http/php/mb_validateSession.php
Log:
validatePermission now includes validateSession (formerly duplicate code)

validateSession also checks guiID, not only gui_id

Modified: branches/2.5/http/php/mb_validatePermission.php
===================================================================
--- branches/2.5/http/php/mb_validatePermission.php	2008-02-22 14:54:49 UTC (rev 2141)
+++ branches/2.5/http/php/mb_validatePermission.php	2008-02-22 15:11:53 UTC (rev 2142)
@@ -17,23 +17,12 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 
-session_start();
-include_once(dirname(__FILE__)."/../../conf/mapbender.conf");
-include_once(dirname(__FILE__)."/../classes/class_administration.php");
-if(!isset($_SESSION["mb_user_id"]) || !isset($_SESSION["mb_user_ip"]) || $_SESSION['mb_user_ip'] != $_SERVER['REMOTE_ADDR']){
-	header("Location: ".LOGIN);
-	exit;
-	die();
-}
-if(isset($_REQUEST["gui_id"])){
-	if( !in_array($_REQUEST["gui_id"],$_SESSION["mb_user_guis"])){
-		header("Location: ".LOGIN);
-		exit;
-		die();
-	}
-}
+require(dirname(__FILE__)."/../php/mb_validateSession.php");
+require_once(dirname(__FILE__)."/../classes/class_administration.php");
+
 $n = new administration();
-$m = $n->getModulPermission($_SESSION["mb_user_id"],$_REQUEST["guiID"],$_REQUEST["elementID"]);
+$m = $n->getModulPermission($_SESSION["mb_user_id"],$_REQUEST["guiID"],$_REQUEST["elementID"]) || 
+		$n->getModulPermission($_SESSION["mb_user_id"],$_REQUEST["gui_id"],$_REQUEST["elementID"]);
 if($m == false){
 	header("Location: ".LOGIN);
 	exit;

Modified: branches/2.5/http/php/mb_validateSession.php
===================================================================
--- branches/2.5/http/php/mb_validateSession.php	2008-02-22 14:54:49 UTC (rev 2141)
+++ branches/2.5/http/php/mb_validateSession.php	2008-02-22 15:11:53 UTC (rev 2142)
@@ -18,14 +18,20 @@
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 
 session_start();
-include_once(dirname(__FILE__)."/../../conf/mapbender.conf");
+require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
+
+$urlParameters = SID . "&guiID=" . $_REQUEST["guiID"] . "&elementID=" . $_REQUEST["elementID"];
+$self = $PHP_SELF . "?" . $urlParameters;
+
 if(!isset($_SESSION["mb_user_id"]) || !isset($_SESSION["mb_user_ip"]) || $_SESSION['mb_user_ip'] != $_SERVER['REMOTE_ADDR']){
 	header("Location: ".LOGIN);
 	exit;
 	die();
 }
-if(isset($_REQUEST["gui_id"])){
-	if( !in_array($_REQUEST["gui_id"],$_SESSION["mb_user_guis"])){
+
+if(isset($_REQUEST["gui_id"]) || isset($_REQUEST["guiID"])){
+	if( !in_array($_REQUEST["gui_id"],$_SESSION["mb_user_guis"]) && 
+		!in_array($_REQUEST["guiID"],$_SESSION["mb_user_guis"])){
 		header("Location: ".LOGIN);
 		exit;
 		die();

More information about the Mapbender_commits mailing list