Commit cd5b0e737c73d14b4e04f2e6aa41201fe718e2b8
1 parent
cac2c7ae
KTS-3171
"Add extra validation for Permission::userIsSystemAdministrator()" Updated. Committed By: Conrad Vermeulen Reviewed By: Megan Watson git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@8264 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
7 additions
and
0 deletions
lib/security/Permission.inc
| ... | ... | @@ -118,7 +118,14 @@ class Permission { |
| 118 | 118 | if ($iUserID == '') { |
| 119 | 119 | $iUserID = $_SESSION['userID']; |
| 120 | 120 | } |
| 121 | + if (empty($iUserID)) { | |
| 122 | + return false; | |
| 123 | + } | |
| 121 | 124 | $iUserID = KTUtil::getId($iUserID); |
| 125 | + if (PEAR::isError($iUserID)) | |
| 126 | + { | |
| 127 | + return false; | |
| 128 | + } | |
| 122 | 129 | |
| 123 | 130 | $query = 'SELECT UGL.group_id |
| 124 | 131 | FROM '.$default->users_groups_table.' AS UGL | ... | ... |