mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
BUGFIX: Don't let non ADMINs with permission-editing rights assign themselves ADMIN permissions. (from r89805) (from r96718)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102341 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
parent
19911cd241
commit
920f0aaa1a
@ -534,6 +534,9 @@ class Permission extends DataObject {
|
||||
);
|
||||
}
|
||||
|
||||
// Don't let people hijack ADMIN rights
|
||||
if(!Permission::check("ADMIN")) unset($allCodes['ADMIN']);
|
||||
|
||||
ksort($allCodes);
|
||||
|
||||
foreach($allCodes as $category => $permissions) {
|
||||
|
Loading…
Reference in New Issue
Block a user