Merge pull request #632 from ZoneMinder/better_security

better fix for the view=console security flaw.
This commit is contained in:
Andrew Bauer 2014-12-16 08:34:14 -06:00
commit c28206e8d1
2 changed files with 5 additions and 5 deletions

View File

@ -122,6 +122,11 @@ foreach ( getSkinIncludes( 'skin.php' ) as $includeFile )
require_once( 'includes/actions.php' );
# If I put this here, it protects all views and popups, but it has to go after actions.php because actions.php does the actual logging in.
if ( ZM_OPT_USE_AUTH && ! isset($user) && $view != 'login' ) {
$view = 'login';
}
if ( isset( $_REQUEST['request'] ) )
{
foreach ( getSkinIncludes( 'ajax/'.$request.'.php', true, true ) as $includeFile )

View File

@ -18,11 +18,6 @@
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
//
if ( ZM_OPT_USE_AUTH && ! isset($user) ) {
$view = "error";
return;
}
$eventCounts = array(
array(
"title" => $SLANG['Events'],