Extension: Update assigned Device line password only if user has permission to view/edit Extension password.

2025-12-30 00:53:50 +00:00 · 2016-06-06 14:36:31 -06:00
parent 692c5c36be
commit e450022cd8
1 changed files with 9 additions and 7 deletions
--- a/app/extensions/extension_edit.php
+++ b/app/extensions/extension_edit.php
@@ -733,13 +733,15 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
 					}

 				//update devices having extension assigned to line(s) with new password
-					$sql = "update v_device_lines set ";
-					$sql .= "password = '".$password."' ";
-					$sql .= "where domain_uuid = '".$domain_uuid."' ";
-					$sql .= "and server_address = '".$_SESSION['domain_name']."' ";
-					$sql .= "and user_id = '".$extension."' ";
-					$db->exec(check_sql($sql));
-					unset($sql);
+					if (permission_exists('extension_password')) {
+						$sql = "update v_device_lines set ";
+						$sql .= "password = '".$password."' ";
+						$sql .= "where domain_uuid = '".$domain_uuid."' ";
+						$sql .= "and server_address = '".$_SESSION['domain_name']."' ";
+						$sql .= "and user_id = '".$extension."' ";
+						$db->exec(check_sql($sql));
+						unset($sql);
+					}

 			} //if ($action == "update")