Security update for report subpermissions

jekkos-t520
2014-10-17 08:29:46 +02:00
parent 7fad710277
commit 31877528b1
2 changed files with 8 additions and 7 deletions


@@ -12,17 +12,14 @@ class Reports extends Secure_area
parent::__construct('reports');
$method_name = $this->uri->segment(2);
$exploder = explode('_', $method_name);
$submodule_id = preg_match("/(?:inventory)|([^_.]*)(?:_graph)?$/", $method_name, $matches);
$submodule_id = array_pop($matches);
if (count($matches) > 1)
{
$submodule_id = preg_replace("/^(.*?)s?$/", "$1s", $submodule_id);
}
preg_match("/(?:inventory)|([^_.]*)(?:_graph)?$/", $method_name, $matches);
preg_match("/^(.*?)([sy])?$/", array_pop($matches), $matches);
$submodule_id = $matches[1] . ((count($matches) > 2) ? $matches[2] : "s");
$employee_id=$this->Employee->get_logged_in_employee_info()->person_id;
// check access to report submodule
if (sizeof($exploder) > 1 && !$this->Employee->has_grant('reports_'.$submodule_id,$employee_id))
{
redirect('no_access/'.$submodule_id.'/reports_' . $submodule_id);
redirect('no_access/reports/reports_' . $submodule_id);
}
$this->load->helper('report');
}
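Review bot: The sub-permission check on the `if (sizeof($exploder) > 1 && !$this->Employee->has_grant(...))` line still fails open: a request whose method segment contains no underscore skips `has_grant` altogether, and the grant name is guessed from the last token of the URI by two regexes rather than looked up. Whether any underscore-free public method of `Reports` returns report data is not visible in this hunk, but a deny-by-default lookup removes the question, for example a fixed method-to-grant array (called `$grant_for` here) tested with `if (!isset($grant_for[$method_name]) || !$this->Employee->has_grant($grant_for[$method_name], $employee_id))`. The same lookup would keep the URI-derived `$submodule_id` out of the `redirect('no_access/reports/reports_' . $submodule_id)` target. The constructor's signature and opening lines are outside the hunk.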


@@ -610,6 +610,10 @@ class CI_Email {
*/
protected function _get_message_id()
{
$from = $this->_headers['Return-Path'];
$from = str_replace(">", "", $from);
$from = str_replace("<", "", $from);
return "<".uniqid('').strstr($from, '@').">";
}