tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

BUGFIX: Don't let non ADMINs with permission-editing rights assign themselves ADMIN permissions. (from r89805) (from r96718)

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102341 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2010-04-12 01:47:48 +00:00
parent 19911cd241
commit 920f0aaa1a
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
security/Permission.php
View File

@ -489,7 +489,7 @@ class Permission extends DataObject {
'help' => null, 'help' => null,
'sort' => 100000 'sort' => 100000
); );
if($classes) foreach($classes as $class) { if($classes) foreach($classes as $class) {
$SNG = singleton($class); $SNG = singleton($class);
if($SNG instanceof TestOnly) continue; if($SNG instanceof TestOnly) continue;
@ -533,6 +533,9 @@ class Permission extends DataObject {
'sort' => 0 'sort' => 0
); );
} }
// Don't let people hijack ADMIN rights
if(!Permission::check("ADMIN")) unset($allCodes['ADMIN']);
ksort($allCodes); ksort($allCodes);