Zeile 6 | Zeile 6 |
---|
* Website: http://mybb.com * License: http://mybb.com/about/license *
|
* Website: http://mybb.com * License: http://mybb.com/about/license *
|
* $Id: functions.php 5380 2011-02-21 12:04:43Z Tomm $
| * $Id: functions.php 5544 2011-08-08 15:41:40Z Tomm $
|
*/
/**
| */
/**
|
Zeile 349 | Zeile 349 |
---|
* * @param array Array containing module and action to check for */
|
* * @param array Array containing module and action to check for */
|
function check_admin_permissions($action)
| function check_admin_permissions($action, $error = true)
|
{ global $mybb, $page, $lang, $modules_dir;
| { global $mybb, $page, $lang, $modules_dir;
|
Zeile 365 | Zeile 365 |
---|
$permissions = $func(); if($permissions['permissions'][$action['action']] && $mybb->admin['permissions'][$action['module']][$action['action']] != 1) {
|
$permissions = $func(); if($permissions['permissions'][$action['action']] && $mybb->admin['permissions'][$action['module']][$action['action']] != 1) {
|
$page->output_header($lang->access_denied); $page->add_breadcrumb_item($lang->access_denied, "index.php?module=home-index"); $page->output_error("<b>{$lang->access_denied}</b><ul><li style=\"list-style-type: none;\">{$lang->access_denied_desc}</li></ul>"); $page->output_footer(); exit;
| if($error) { $page->output_header($lang->access_denied); $page->add_breadcrumb_item($lang->access_denied, "index.php?module=home-index"); $page->output_error("<b>{$lang->access_denied}</b><ul><li style=\"list-style-type: none;\">{$lang->access_denied_desc}</li></ul>"); $page->output_footer(); exit; } else { return false; }
|
} }
| } }
|
Zeile 386 | Zeile 393 |
---|
function get_admin_permissions($get_uid="", $get_gid="") { global $db, $mybb;
|
function get_admin_permissions($get_uid="", $get_gid="") { global $db, $mybb;
|
|
|
// Set UID and GID if none $uid = $get_uid; $gid = $get_gid;
|
// Set UID and GID if none $uid = $get_uid; $gid = $get_gid;
|
|
|
$gid_array = array(); if($uid === "")
|
$gid_array = array(); if($uid === "")
|
{
| {
|
$uid = $mybb->user['uid']; }
| $uid = $mybb->user['uid']; }
|
Zeile 402 | Zeile 409 |
---|
{ // Prepare user's groups since the group isn't specified $gid_array[] = (-1) * intval($mybb->user['usergroup']);
|
{ // Prepare user's groups since the group isn't specified $gid_array[] = (-1) * intval($mybb->user['usergroup']);
|
|
|
if($mybb->user['additionalgroups']) { $additional_groups = explode(',', $mybb->user['additionalgroups']);
| if($mybb->user['additionalgroups']) { $additional_groups = explode(',', $mybb->user['additionalgroups']);
|
Zeile 500 | Zeile 507 |
---|
if(isset($final_group_perms)) { return $final_group_perms;
|
if(isset($final_group_perms)) { return $final_group_perms;
|
}
| }
|
else { return $perms_def;
| else { return $perms_def;
|
Zeile 564 | Zeile 571 |
---|
if($adminoption['uid'] == 0) { $adminoption['permissions'][$tab][$page] = 0;
|
if($adminoption['uid'] == 0) { $adminoption['permissions'][$tab][$page] = 0;
|
} else
| } else
|
{ $adminoption['permissions'][$tab][$page] = $default; }
| { $adminoption['permissions'][$tab][$page] = $default; }
|
Zeile 631 | Zeile 638 |
---|
} }
|
} }
|
| return false; }
/** * Checks whether there are any 'security' issues in templates via complex syntax * * @param string The template to be scanned * @return boolean A true/false depending on if an issue was detected */ function check_template($template) { // Check to see if our database password is in the template if(preg_match("#database'?\\s*\]\\s*\[\\s*'?password#", $template)) { return true; }
// Any other malicious acts? // Courtesy of ZiNgA BuRgA if(preg_match("~\\{\\$.+?\\}~s", preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]*((?:-\\>|\\:\\:)\\$*[a-zA-Z_][a-zA-Z_0-9]*|\\[\s*\\$*([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s*)*\\}~', '', $template))) { return true; }
|
return false; }
| return false; }
|