Merge pull request #632 from ZoneMinder/better_security
better fix for the view=console security flaw.
This commit is contained in:
commit
c28206e8d1
|
@ -122,6 +122,11 @@ foreach ( getSkinIncludes( 'skin.php' ) as $includeFile )
|
|||
|
||||
require_once( 'includes/actions.php' );
|
||||
|
||||
# If I put this here, it protects all views and popups, but it has to go after actions.php because actions.php does the actual logging in.
|
||||
if ( ZM_OPT_USE_AUTH && ! isset($user) && $view != 'login' ) {
|
||||
$view = 'login';
|
||||
}
|
||||
|
||||
if ( isset( $_REQUEST['request'] ) )
|
||||
{
|
||||
foreach ( getSkinIncludes( 'ajax/'.$request.'.php', true, true ) as $includeFile )
|
||||
|
|
|
@ -18,11 +18,6 @@
|
|||
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
//
|
||||
|
||||
if ( ZM_OPT_USE_AUTH && ! isset($user) ) {
|
||||
$view = "error";
|
||||
return;
|
||||
}
|
||||
|
||||
$eventCounts = array(
|
||||
array(
|
||||
"title" => $SLANG['Events'],
|
||||
|
|
Loading…
Reference in New Issue