tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-27 15:54:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix users vulnerabilities and bugs

Browse Source
This commit is contained in:
Calvo 2022-03-10 07:57:34 +01:00
parent 036e2e3d6c
commit ec9936bd59
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pandora_console/godmode/users/configure_user.php
View File

@ -327,7 +327,7 @@ if ($create_user) {
if (users_is_admin() === false && $user_is_admin !== 0) { if (users_is_admin() === false && $user_is_admin !== 0) {
db_pandora_audit( db_pandora_audit(
AUDIT_LOG_ACL_VIOLATION, AUDIT_LOG_ACL_VIOLATION,
'Trying to create with administrator privileges to user by non administrator user '.$config['id_user'], 'Trying to create with administrator privileges to user by non administrator user '.$config['id_user']
); );
include 'general/noaccess.php'; include 'general/noaccess.php';
@ -551,7 +551,7 @@ if ($update_user) {
if (users_is_admin() === false && (bool) $values['is_admin'] !== false) { if (users_is_admin() === false && (bool) $values['is_admin'] !== false) {
db_pandora_audit( db_pandora_audit(
AUDIT_LOG_ACL_VIOLATION, AUDIT_LOG_ACL_VIOLATION,
'Trying to add administrator privileges to user by non administrator user '.$config['id_user'], 'Trying to add administrator privileges to user by non administrator user '.$config['id_user']
); );
include 'general/noaccess.php'; include 'general/noaccess.php';

4
pandora_console/godmode/users/user_list.php
View File

@ -268,7 +268,7 @@ if ($delete_user === true) {
if (users_is_admin($id_user) === true && users_is_admin() === false) { if (users_is_admin($id_user) === true && users_is_admin() === false) {
db_pandora_audit( db_pandora_audit(
AUDIT_LOG_ACL_VIOLATION, AUDIT_LOG_ACL_VIOLATION,
'Trying to delete admininstrator user by non administrator user '.$config['id_user'], 'Trying to delete admininstrator user by non administrator user '.$config['id_user']
); );
include 'general/noaccess.php'; include 'general/noaccess.php';
@ -347,7 +347,7 @@ if ($delete_user === true) {
if (users_is_admin($id_user) === true && users_is_admin() === false) { if (users_is_admin($id_user) === true && users_is_admin() === false) {
db_pandora_audit( db_pandora_audit(
AUDIT_LOG_ACL_VIOLATION, AUDIT_LOG_ACL_VIOLATION,
'Trying to disable admininstrator user by non administrator user '.$config['id_user'], 'Trying to disable admininstrator user by non administrator user '.$config['id_user']
); );
include 'general/noaccess.php'; include 'general/noaccess.php';