From 218ccf51e38ad9b0654aa509f2bf8eec44d69c07 Mon Sep 17 00:00:00 2001 From: Lukas Fleischer Date: Fri, 8 Aug 2014 11:47:06 +0200 Subject: Add permission checks to the request feature * Only show the request form to users that are logged in. * Only show the close request form to Trusted Users and developers. * Check for a valid login in pkgreq_file(). Signed-off-by: Lukas Fleischer --- web/html/pkgreq.php | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'web/html/pkgreq.php') diff --git a/web/html/pkgreq.php b/web/html/pkgreq.php index 03b31b8..ccb0acd 100644 --- a/web/html/pkgreq.php +++ b/web/html/pkgreq.php @@ -9,9 +9,17 @@ set_lang(); check_sid(); if (isset($base_id)) { + if (!has_credential(CRED_PKGREQ_FILE)) { + header('Location: /'); + exit(); + } html_header(__("File Request")); include('pkgreq_form.php'); } elseif (isset($pkgreq_id)) { + if (!has_credential(CRED_PKGREQ_CLOSE)) { + header('Location: /'); + exit(); + } html_header(__("Close Request")); $pkgbase_name = pkgreq_get_pkgbase_name($pkgreq_id); include('pkgreq_close_form.php'); -- cgit v1.2.3-70-g09d2