summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRemi Collet <fedora@famillecollet.com>2015-03-24 10:57:44 +0100
committerRemi Collet <fedora@famillecollet.com>2015-03-24 10:57:44 +0100
commit0f32a1a23f0a0a71a94cbabccb36c49b3d550530 (patch)
tree2ccb30cf5f3321192c185ba682b2a669e9d06375
parent213d4b0c91edb6b96dbcfd385c5c7723e478dfda (diff)
glpi 0.84: add security fix (the patch)
-rw-r--r--glpi-0.84-bug5218.patch15
1 files changed, 15 insertions, 0 deletions
diff --git a/glpi-0.84-bug5218.patch b/glpi-0.84-bug5218.patch
new file mode 100644
index 0000000..062b68d
--- /dev/null
+++ b/glpi-0.84-bug5218.patch
@@ -0,0 +1,15 @@
+Index: branches/0.84-bugfixes/inc/user.class.php
+===================================================================
+--- branches/0.84-bugfixes/inc/user.class.php (révision 23406)
++++ branches/0.84-bugfixes/inc/user.class.php (révision 23407)
+@@ -556,7 +556,9 @@
+ // Add default profile
+ if (!$rulesplayed) {
+ $affectation = array();
+- if (isset($this->input['_profiles_id']) && $this->input['_profiles_id']) {
++ if (isset($this->input['_profiles_id']) && $this->input['_profiles_id']
++ && Profile::currentUserHaveMoreRightThan(array($this->input['_profiles_id']))
++ ) {
+ $profile = $this->input['_profiles_id'];
+ // Choosen in form, so not dynamic
+ $affectation['is_dynamic'] = 0;