Harden the security with specific permissions for domains, domain settings and default settings. Everyone using multi-tenant are encouraged to update. Run Upgrade Schema on wiki.fusionpbx.com. After updating go to advanced -> group manager click on the superadmin group and then select the permissions for domains, domains settings, and default settings. Logout and back in.

core/default_settings/default_settings_delete.php

@@ -26,7 +26,7 @@
 require_once "root.php";
 require_once "includes/require.php";
 require_once "includes/checkauth.php";
-if (if_group("admin") || if_group("superadmin")) {
+if (permission_exists('default_setting_delete')) {
 	//access granted
 }
 else {
@@ -39,6 +39,7 @@ if (count($_GET)>0) {
 }
 
 if (strlen($id)>0) {
+	//delete default_setting
 	$sql = "delete from v_default_settings ";
 	$sql .= "where default_setting_uuid = '$id' ";
 	$prep_statement = $db->prepare(check_sql($sql));
@@ -46,12 +47,13 @@ if (strlen($id)>0) {
 	unset($sql);
 }
 
-require_once "includes/header.php";
-echo "<meta http-equiv=\"refresh\" content=\"2;url=default_settings.php\">\n";
-echo "<div align='center'>\n";
-echo "Delete Complete\n";
-echo "</div>\n";
-require_once "includes/footer.php";
-return;
+//redirect the user
+	require_once "includes/header.php";
+	echo "<meta http-equiv=\"refresh\" content=\"2;url=default_settings.php\">\n";
+	echo "<div align='center'>\n";
+	echo "Delete Complete\n";
+	echo "</div>\n";
+	require_once "includes/footer.php";
+	return;
 
 ?>