| [vhffs-dev] [972] Well, any user was able to manage any group by tricking the panel, ALL VHFFS 4.1 USERS SHOULD UPGRADE ASAP. |
[ Thread Index |
Date Index
| More vhffs.org/vhffs-dev Archives
]
- To: vhffs-dev@xxxxxxxxx
- Subject: [vhffs-dev] [972] Well, any user was able to manage any group by tricking the panel, ALL VHFFS 4.1 USERS SHOULD UPGRADE ASAP.
- From: subversion@xxxxxxxxxxxxx
- Date: Mon, 08 Oct 2007 23:48:28 +0200
Revision: 972
Author: gradator
Date: 2007-10-08 21:48:27 +0000 (Mon, 08 Oct 2007)
Log Message:
-----------
Well, any user was able to manage any group by tricking the panel, ALL VHFFS 4.1 USERS SHOULD UPGRADE ASAP.
Modified Paths:
--------------
trunk/vhffs-api/src/Vhffs/Group.pm
Modified: trunk/vhffs-api/src/Vhffs/Group.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Group.pm 2007-10-08 13:02:00 UTC (rev 971)
+++ trunk/vhffs-api/src/Vhffs/Group.pm 2007-10-08 21:48:27 UTC (rev 972)
@@ -260,16 +260,19 @@
}
+
sub is_user_in_group
{
my $self = shift;
my $user = shift;
+
my $query ='SELECT COUNT(*) FROM vhffs_user_group WHERE gid=? AND uid=?';
- my $request = $self->{'db'}->prepare( $query );
- $request->execute( $self->get_gid, $user->get_uid );
- my ( $rows ) = $request->fetchrow();
+ my $request = $self->{'db'}->prepare( $query );
+ $request->execute( $self->get_gid, $user->get_uid );
+ my ( $rows ) = $request->fetchrow();
+
return 1 if( $rows == 1 );
- return -1;
+ return 0;
}