SF.net SVN: ledger-smb:[5052] branches/1.3
- Subject: SF.net SVN: ledger-smb:[5052] branches/1.3
- From: ..hidden..
- Date: Sat, 28 Jul 2012 01:01:56 +0000
Revision: 5052
http://ledger-smb.svn.sourceforge.net/ledger-smb/?rev=5052&view=rev
Author: einhverfr
Date: 2012-07-28 01:01:55 +0000 (Sat, 28 Jul 2012)
Log Message:
-----------
Correcting inadequate permissions check on saving defaults
Modified Paths:
--------------
branches/1.3/Changelog
branches/1.3/LedgerSMB/AM.pm
branches/1.3/LedgerSMB/Form.pm
Modified: branches/1.3/Changelog
===================================================================
--- branches/1.3/Changelog 2012-07-27 10:49:07 UTC (rev 5051)
+++ branches/1.3/Changelog 2012-07-28 01:01:55 UTC (rev 5052)
@@ -18,6 +18,8 @@
* Fixed internal server errors with date parsing (Chris T, 3546698)
* Fixed "Directory Transversal Not Allowed w/fs_cssdir (Chris T, h/t Robert C)
* Fixed customer/vendor cleared on ship/receive update (Chris T, 3548104)
+* Fixed insufficient permissions check in System/Defaults (Chris T)
+* Added missing ap_transaction_all role (Chris T, h/t Erik H)
Changelog for 1.3.20
* Fixes for es_AR translation, duplicate keys removed (Andres B)
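Review bot: The second added entry, "Added missing ap_transaction_all role", has no matching change in this revision: the modified paths are Changelog, AM.pm and Form.pm, and neither code hunk defines a role. Either reference the revision that adds the role or move the entry to that commit. The System/Defaults entry would also be easier for administrators to triage if it were marked as a security fix, since the log message describes it as an inadequate permissions check.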
Modified: branches/1.3/LedgerSMB/AM.pm
===================================================================
--- branches/1.3/LedgerSMB/AM.pm 2012-07-27 10:49:07 UTC (rev 5051)
+++ branches/1.3/LedgerSMB/AM.pm 2012-07-28 01:01:55 UTC (rev 5052)
@@ -1676,6 +1676,10 @@
my ( $self, $myconfig, $form, $defaults) = @_;
+ my @roles = @{$form->{_roles}};
+ $form->error('Access Denied') unless grep /system_settings_change/, @roles;
+
+
for (qw(inventory income expense fxgain fxloss)) {
( $form->{$_ . "_accno_id"} ) = split /--/, $form->{$_ . "_accno_id"};
}
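Review bot: The added check `grep /system_settings_change/, @roles` is an unanchored regex match, so any role whose name merely contains that string passes, not only the intended role. Since Form.pm fills `_roles` with full prefixed role names, build the expected name from the prefix and compare with `eq`, or at least anchor the pattern at the end (`/system_settings_change$/`). A comment stating whether this Perl check is the only gate on saving defaults, or whether database permissions also block the write, would help future readers, and the two blank lines added after the check can be reduced to one.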
Modified: branches/1.3/LedgerSMB/Form.pm
===================================================================
--- branches/1.3/LedgerSMB/Form.pm 2012-07-27 10:49:07 UTC (rev 5051)
+++ branches/1.3/LedgerSMB/Form.pm 2012-07-28 01:01:55 UTC (rev 5052)
@@ -1427,7 +1427,11 @@
# Roles tracking
$self->{_roles} = [];
$query = "select rolname from pg_roles
- where pg_has_role(SESSION_USER, 'USAGE')";
+ where pg_has_role(rolname, 'USAGE')
+ and rolname like
+ coalesce((select value from defaults
+ where setting_key = 'role_prefix'),
+ 'lsmb_' || current_database() || '__') || '%'";
$sth = $dbh->prepare($query);
$sth->execute();
while (my @roles = $sth->fetchrow_array){
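Review bot: In the added `rolname like ... || '%'` filter the prefix is used as a LIKE pattern without escaping, and `_` is a single-character wildcard in LIKE, so the default prefix `'lsmb_' || current_database() || '__'` (and any `role_prefix` value containing `_` or `%`) also matches role names that differ at those positions, for instance roles of a similarly named database. Compare the prefix literally, e.g. `substr(rolname, 1, length(prefix)) = prefix`, or escape the wildcards before concatenating. A short comment noting that the two-argument `pg_has_role(rolname, 'USAGE')` tests the current user, where the removed line named SESSION_USER, would document the intended behaviour.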