From 0f32a1a23f0a0a71a94cbabccb36c49b3d550530 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Tue, 24 Mar 2015 10:57:44 +0100 Subject: glpi 0.84: add security fix (the patch) --- glpi-0.84-bug5218.patch | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 glpi-0.84-bug5218.patch diff --git a/glpi-0.84-bug5218.patch b/glpi-0.84-bug5218.patch new file mode 100644 index 0000000..062b68d --- /dev/null +++ b/glpi-0.84-bug5218.patch @@ -0,0 +1,15 @@ +Index: branches/0.84-bugfixes/inc/user.class.php +=================================================================== +--- branches/0.84-bugfixes/inc/user.class.php (révision 23406) ++++ branches/0.84-bugfixes/inc/user.class.php (révision 23407) +@@ -556,7 +556,9 @@ + // Add default profile + if (!$rulesplayed) { + $affectation = array(); +- if (isset($this->input['_profiles_id']) && $this->input['_profiles_id']) { ++ if (isset($this->input['_profiles_id']) && $this->input['_profiles_id'] ++ && Profile::currentUserHaveMoreRightThan(array($this->input['_profiles_id'])) ++ ) { + $profile = $this->input['_profiles_id']; + // Choosen in form, so not dynamic + $affectation['is_dynamic'] = 0; -- cgit