Vergleich admin/inc/functions.php - 1.6.1 - 1.6.4

  Keine Änderungen   Hinzugefügt   Modifiziert   Entfernt
Zeile 6Zeile 6
 * Website: http://mybb.com
* License: http://mybb.com/about/license
*

 * Website: http://mybb.com
* License: http://mybb.com/about/license
*

 * $Id: functions.php 5016 2010-06-12 00:24:02Z RyanGordon $

 * $Id: functions.php 5511 2011-07-25 07:53:32Z Tomm $

 */

/**

 */

/**

Zeile 349Zeile 349
 *
* @param array Array containing module and action to check for
*/

 *
* @param array Array containing module and action to check for
*/

function check_admin_permissions($action)

function check_admin_permissions($action, $error = true)

{
global $mybb, $page, $lang, $modules_dir;


{
global $mybb, $page, $lang, $modules_dir;


Zeile 365Zeile 365
		$permissions = $func();
if($permissions['permissions'][$action['action']] && $mybb->admin['permissions'][$action['module']][$action['action']] != 1)
{

		$permissions = $func();
if($permissions['permissions'][$action['action']] && $mybb->admin['permissions'][$action['module']][$action['action']] != 1)
{

			$page->output_header($lang->access_denied);
$page->add_breadcrumb_item($lang->access_denied, "index.php?module=home-index");
$page->output_error("<b>{$lang->access_denied}</b><ul><li style=\"list-style-type: none;\">{$lang->access_denied_desc}</li></ul>");
$page->output_footer();
exit;








			if($error)
{
$page->output_header($lang->access_denied);
$page->add_breadcrumb_item($lang->access_denied, "index.php?module=home-index");
$page->output_error("<b>{$lang->access_denied}</b><ul><li style=\"list-style-type: none;\">{$lang->access_denied_desc}</li></ul>");
$page->output_footer();
exit;
}
else
{
return false;
}

		}
}


		}
}


Zeile 386Zeile 393
function get_admin_permissions($get_uid="", $get_gid="")
{
global $db, $mybb;

function get_admin_permissions($get_uid="", $get_gid="")
{
global $db, $mybb;

	

	

	// Set UID and GID if none
$uid = $get_uid;
$gid = $get_gid;

	// Set UID and GID if none
$uid = $get_uid;
$gid = $get_gid;

	

	

	$gid_array = array();

if($uid === "")

	$gid_array = array();

if($uid === "")

	{

	{

		$uid = $mybb->user['uid'];
}


		$uid = $mybb->user['uid'];
}


Zeile 402Zeile 409
	{
// Prepare user's groups since the group isn't specified
$gid_array[] = (-1) * intval($mybb->user['usergroup']);

	{
// Prepare user's groups since the group isn't specified
$gid_array[] = (-1) * intval($mybb->user['usergroup']);

		

		

		if($mybb->user['additionalgroups'])
{
$additional_groups = explode(',', $mybb->user['additionalgroups']);

		if($mybb->user['additionalgroups'])
{
$additional_groups = explode(',', $mybb->user['additionalgroups']);

Zeile 500Zeile 507
		if(isset($final_group_perms))
{
return $final_group_perms;

		if(isset($final_group_perms))
{
return $final_group_perms;

		}

		}

		else
{
return $perms_def;

		else
{
return $perms_def;

Zeile 564Zeile 571
				if($adminoption['uid'] == 0)
{
$adminoption['permissions'][$tab][$page] = 0;

				if($adminoption['uid'] == 0)
{
$adminoption['permissions'][$tab][$page] = 0;

				}
else

				}
else

				{
$adminoption['permissions'][$tab][$page] = $default;
}

				{
$adminoption['permissions'][$tab][$page] = $default;
}

Zeile 631Zeile 638
		}
}


		}
}


 
	return false;
}

/**
* Checks whether there are any 'security' issues in templates via complex syntax
*
* @param string The template to be scanned
* @return boolean A true/false depending on if an issue was detected
*/
function check_template($template)
{
// Check to see of $config is in the template
if(preg_match("#\\\$(GLOBALS\\s*\\[\\s*'(GLOBALS|config)'\\s*\\]|(config|(GLOBALS\\s*\\[\\s*'mybb'\\s*\\]|mybb)\\s*->\\s*config)(?![A-Za-z0-9_]))#", $template))
{
return true;
}

// Any other malicious acts?
// Courtesy of ZiNgA BuRgA
if(preg_match("~\\{\\$.+?\\}~s", preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]*((?:-\\>|\\:\\:)\\$*[a-zA-Z_][a-zA-Z_0-9]*|\\[\s*\\$*([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s*)*\\}~', '', $template)))
{
return true;
}


	return false;
}


	return false;
}