
Settings: Only allow Admin to Add/Edit authorized settings.

reliberate %!s(int64=9) %!d(string=hai) anos
pai
achega
bf1eac12dd

+ 2 - 2
core/domain_settings/domain_setting_edit.php

@@ -89,8 +89,8 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
 		$domain_setting_uuid = check_str($_POST["domain_setting_uuid"]);
 	}
 
-	//check for all required data
-		if (strlen($domain_setting_category) == 0) { $msg .= $text['message-required'].$text['label-category']."<br>\n"; }
+	//check for all required/authorized data
+		if (strlen($domain_setting_category) == 0 || (is_array($allowed_categories) && sizeof($allowed_categories) > 0 && !in_array(strtolower($domain_setting_category), $allowed_categories))) { $msg .= $text['message-required'].$text['label-category']."<br>\n"; }
 		if (strlen($domain_setting_subcategory) == 0) { $msg .= $text['message-required'].$text['label-subcategory']."<br>\n"; }
 		if (strlen($domain_setting_name) == 0) { $msg .= $text['message-required'].$text['label-type']."<br>\n"; }
 		//if (strlen($domain_setting_value) == 0) { $msg .= $text['message-required'].$text['label-value']."<br>\n"; }
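Review bot: The allow-list test in the added `if` is skipped whenever `$allowed_categories` is not an array or is empty, so a missing or empty list accepts every category instead of rejecting all of them. Where the list is built is outside this hunk, so it could not be confirmed whether a non-admin user can reach this line with the list unset or empty; if that can happen, the restriction fails open. Consider deciding whether the restriction applies from the user's role and then testing membership unconditionally, with the strict flag set: `!in_array(strtolower($domain_setting_category), $allowed_categories, true)`. The same condition is added in core/users/user_setting_edit.php, and the enclosing `if (count($_POST) > 0 ...)` block starts and ends outside the hunk.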

+ 2 - 2
core/users/user_setting_edit.php

@@ -89,8 +89,8 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
 		$user_setting_uuid = check_str($_POST["user_setting_uuid"]);
 	}
 
-	//check for all required data
-		if (strlen($user_setting_category) == 0) { $msg .= $text['message-required'].$text['label-category']."<br>\n"; }
+	//check for all required/authorized data
+		if (strlen($user_setting_category) == 0 || (is_array($allowed_categories) && sizeof($allowed_categories) > 0 && !in_array(strtolower($user_setting_category), $allowed_categories))) { $msg .= $text['message-required'].$text['label-category']."<br>\n"; }
 		if (strlen($user_setting_subcategory) == 0) { $msg .= $text['message-required'].$text['label-subcategory']."<br>\n"; }
 		if (strlen($user_setting_name) == 0) { $msg .= $text['message-required'].$text['label-type']."<br>\n"; }
 		//if (strlen($user_setting_value) == 0) { $msg .= $text['message-required'].$text['label-value']."<br>\n"; }
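Review bot: A category that is supplied but not in `$allowed_categories` is reported through `$text['message-required']`, the same text used for an empty field, so neither the user nor anyone reading the result can tell a denied category from a missing one. Splitting the authorization test into its own `if` would let it carry a distinct message. At minimum, add a comment above the line such as `//a category outside $allowed_categories is rejected here and reported as a missing required field`. The same applies to the matching line in core/domain_settings/domain_setting_edit.php.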