nsinnovations/fusionpbx
2
0
Fork 0
mirror of https://github.com/fusionpbx/fusionpbx.git synced 2026-01-06 11:43:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Harden the security with specific permissions for domains, domain settings and default settings. Everyone using multi-tenant are encouraged to update. Run Upgrade Schema on wiki.fusionpbx.com. After updating go to advanced -> group manager click on the superadmin group and then select the permissions for domains, domains settings, and default settings. Logout and back in.

Browse Source
This commit is contained in:
Mark Crane
2012-09-27 00:34:10 +00:00
parent 6e662615d4
commit 23a2f84577
16 changed files with 161 additions and 113 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
core/domains/domain_settings_delete.php
View File

@@ -26,7 +26,7 @@
require_once "root.php";
require_once "includes/require.php";
require_once "includes/checkauth.php";
if (if_group("admin") || if_group("superadmin")) {
if (permission_exists('domain_setting_delete')) {
//access granted
}
else {
@@ -40,21 +40,22 @@ if (count($_GET)>0) {
}
if (strlen($id)>0) {
$sql = "";
$sql .= "delete from v_domain_settings ";
$sql .= "where domain_uuid = '$domain_uuid' ";
$sql .= "and domain_setting_uuid = '$id' ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
unset($sql);
//delete domain_setting
$sql = "delete from v_domain_settings ";
$sql .= "where domain_uuid = '$domain_uuid' ";
$sql .= "and domain_setting_uuid = '$id' ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
unset($sql);
}
require_once "includes/header.php";
echo "<meta http-equiv=\"refresh\" content=\"2;url=domains_edit.php?id=$domain_uuid\">\n";
echo "<div align='center'>\n";
echo "Delete Complete\n";
echo "</div>\n";
require_once "includes/footer.php";
return;
//redirect the user
require_once "includes/header.php";
echo "<meta http-equiv=\"refresh\" content=\"2;url=domains_edit.php?id=$domain_uuid\">\n";
echo "<div align='center'>\n";
echo "Delete Complete\n";
echo "</div>\n";
require_once "includes/footer.php";
return;
?>