Fix global user.queries.php permissions.
corentin-soriano committed Oct 8, 2024
1 parent e46c17a commit c7f7f80
Showing 2 changed files with 84 additions and 109 deletions.
2 changes: 1 addition & 1 deletion pages/users.js.php
Expand Up @@ -2439,7 +2439,7 @@ function changeUserAuthType(auth) {

// prepare data
var data = {
'id': $('.selected-user').data('user-id'),
'user_id': $('.selected-user').data('user-id'),
'auth_type': auth
};
if (debugJavascript === true) console.log(data)
191 changes: 83 additions & 108 deletions sources/users.queries.php
Expand Up @@ -98,6 +98,87 @@
$tree = new NestedTree(prefixTable('nested_tree'), 'id', 'parent_id', 'title');

if (null !== $post_type) {

// List of post types allowed to all users
$all_users_can_access = [
'get_generate_keys_progress',
'user_profile_update',
'save_user_change',
];

// decrypt and retrieve data in JSON format
$dataReceived = [];
if (!empty($post_data)) {
prepareExchangedData(
$post_data,
'decode'
);
}

// Non-manager use
if ((int) $session->get('user-admin') !== 1 &&
(int) $session->get('user-manager') !== 1 &&
(int) $session->get('user-can_manage_all_users') !== 1) {

// Administrative type requested -> deny
if (!in_array($post_type, $all_users_can_access)) {
echo prepareExchangedData(
array(
'error' => true,
'message' => $lang->get('error_not_allowed_to'),
),
'encode'
);
exit;
} else if (isset($dataReceived['user_id'])) {
// If user isn't manager, he can't change user_id
$dataReceived['user_id'] = (int) $session->get('user-id');
}
}

// For administrative types only, do additional check whether user is manager
// and $dataReceived['user_id'] is defined to ensure that this manager can
// modify this user account.
if (!in_array($post_type, $all_users_can_access) &&
(int) $session->get('user-admin') !== 1 && isset($dataReceived['user_id'])) {

// Get info about user to modify
$targetUserInfos = DB::queryfirstrow(
'SELECT admin, gestionnaire, can_manage_all_users, isAdministratedByRole FROM ' . prefixTable('users') . '
WHERE id = %i',
(int) $dataReceived['user_id']
);

// Managers can't edit administrator or other manager
if ((int) $targetUserInfos['admin'] === 1 ||
(int) $targetUserInfos['can_manage_all_users'] === 1 ||
(int) $targetUserInfos['gestionnaire'] === 1) {

echo prepareExchangedData(
array(
'error' => true,
'message' => $lang->get('error_not_allowed_to'),
),
'encode'
);
exit;
}

// Manager of basic/ro users in this role
if ((int) $session->get('user-manager') === 1
&& !in_array($targetUserInfos['isAdministratedByRole'], $session->get('user-roles_array'))) {

echo prepareExchangedData(
array(
'error' => true,
'message' => $lang->get('error_not_allowed_to'),
),
'encode'
);
exit;
}
}

switch ($post_type) {
/*
* ADD NEW USER
Expand Down Expand Up @@ -136,12 +217,6 @@
break;
}

// decrypt and retrieve data in JSON format
$dataReceived = prepareExchangedData(
$post_data,
'decode'
);

// Prepare variables
$login = filter_var($dataReceived['login'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$email = filter_var($dataReceived['email'], FILTER_SANITIZE_EMAIL);
Expand Down Expand Up @@ -403,12 +478,6 @@
break;
}

// decrypt and retrieve data in JSON format
$dataReceived = prepareExchangedData(
$post_data,
'decode'
);

// Prepare variables
$post_id = filter_var($dataReceived['user_id'], FILTER_SANITIZE_NUMBER_INT);

Expand Down Expand Up @@ -998,11 +1067,6 @@
* Migrate the Admin PF to User
*/
case 'migrate_admin_pf':
// decrypt and retreive data in JSON format
$dataReceived = prepareExchangedData(
filter_input(INPUT_POST, 'data', FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_FLAG_NO_ENCODE_QUOTES),
'decode'
);
// Prepare variables
$user_id = htmlspecialchars_decode($data_received['user_id']);
$salt_user = htmlspecialchars_decode($data_received['salt_user']);
Expand Down Expand Up @@ -1162,12 +1226,6 @@
);
break;
}

// decrypt and retrieve data in JSON format
$dataReceived = prepareExchangedData(
$post_data,
'decode'
);

// Prepare variables
$post_id = filter_var($dataReceived['user_id'], FILTER_SANITIZE_NUMBER_INT);
Expand Down Expand Up @@ -1421,12 +1479,6 @@
break;
}

// decrypt and retrieve data in JSON format
$dataReceived = prepareExchangedData(
$post_data,
'decode'
);

// Prepare variables
$post_id = filter_var($dataReceived['user_id'], FILTER_SANITIZE_NUMBER_INT);
$post_login = filter_var($dataReceived['login'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
Expand Down Expand Up @@ -1703,12 +1755,6 @@
break;
}

// decrypt and retrieve data in JSON format
$dataReceived = prepareExchangedData(
$post_data,
'decode'
);

// Prepare variables
$post_id = filter_var($dataReceived['user_id'], FILTER_SANITIZE_NUMBER_INT);

Expand Down Expand Up @@ -2085,12 +2131,6 @@
break;
}

// decrypt and retreive data in JSON format
$dataReceived = prepareExchangedData(
$post_data,
'decode'
);

// Prepare variables
$data = [
'source_id' => isset($dataReceived['source_id']) === true ? $dataReceived['source_id'] : 0,
Expand Down Expand Up @@ -2222,12 +2262,6 @@
break;
}

// decrypt and retreive data in JSON format
$dataReceived = prepareExchangedData(
$post_data,
'decode'
);

if (empty($dataReceived) === false) {
// Sanitize
$data = [
Expand Down Expand Up @@ -2340,12 +2374,6 @@
break;
}

// decrypt and retrieve data in JSON format
$dataReceived = prepareExchangedData(
$post_data,
'decode'
);

// prepare variables
$post_user_id = filter_var($dataReceived['user_id'], FILTER_SANITIZE_NUMBER_INT);
$post_field = filter_var($dataReceived['field'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
Expand Down Expand Up @@ -2649,12 +2677,6 @@
break;
}

// decrypt and retrieve data in JSON format
$dataReceived = prepareExchangedData(
$post_data,
'decode'
);

// Prepare variables
$post_login = filter_var($dataReceived['login'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$post_name = filter_var($dataReceived['name'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
Expand Down Expand Up @@ -2838,12 +2860,6 @@
break;
}

// decrypt and retrieve data in JSON format
$dataReceived = prepareExchangedData(
$post_data,
'decode'
);

// Prepare variables
$post_userId = filter_var($dataReceived['user_id'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$post_otp = filter_var($dataReceived['user_new_otp'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
Expand Down Expand Up @@ -2888,7 +2904,7 @@

break;

/*
/*
* CHANGE USER AUTHENTICATION TYPE
*/
case 'change_user_auth_type':
Expand All @@ -2904,14 +2920,8 @@
break;
}

// decrypt and retrieve data in JSON format
$dataReceived = prepareExchangedData(
$post_data,
'decode'
);

// Prepare variables
$post_id = filter_var($dataReceived['id'], FILTER_SANITIZE_NUMBER_INT);
$post_id = filter_var($dataReceived['user_id'], FILTER_SANITIZE_NUMBER_INT);
$post_auth = filter_var($dataReceived['auth_type'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);


Expand Down Expand Up @@ -2981,12 +2991,6 @@
break;
}

// decrypt and retrieve data in JSON format
$dataReceived = prepareExchangedData(
$post_data,
'decode'
);

// Prepare variables
$post_userid = filter_var($dataReceived['user_id'], FILTER_SANITIZE_NUMBER_INT);
$post_password = filter_var($dataReceived['password'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
Expand Down Expand Up @@ -3126,12 +3130,6 @@
break;
}

// decrypt and retrieve data in JSON format
$dataReceived = prepareExchangedData(
$post_data,
'decode'
);

// Prepare variables
$post_id = filter_var($dataReceived['user_id'], FILTER_SANITIZE_NUMBER_INT);
$post_user_disabled = filter_var($dataReceived['disabled_status'], FILTER_SANITIZE_NUMBER_INT);
Expand Down Expand Up @@ -3210,12 +3208,6 @@
break;
}

// decrypt and retrieve data in JSON format
$dataReceived = prepareExchangedData(
$post_data,
'decode'
);

// Prepare variables
$post_user_id = filter_var($dataReceived['user_id'], FILTER_SANITIZE_NUMBER_INT);
$post_user_pwd = isset($dataReceived['user_pwd']) === true ? ($dataReceived['user_pwd']) : '';
Expand Down Expand Up @@ -3383,12 +3375,6 @@
break;
}

// decrypt and retrieve data in JSON format
$dataReceived = prepareExchangedData(
$post_data,
'decode'
);

// Prepare variables
$user_id = filter_var($dataReceived['user_id'], FILTER_SANITIZE_NUMBER_INT);

Expand Down Expand Up @@ -3462,12 +3448,6 @@
break;
}

// decrypt and retrieve data in JSON format
$dataReceived = prepareExchangedData(
$post_data,
'decode'
);

if (isset($dataReceived['user_id']) === false) {
// Exit nothing to be done
echo prepareExchangedData(
Expand Down Expand Up @@ -3542,11 +3522,6 @@
break;
}

// decrypt and retrieve data in JSON format
$dataReceived = prepareExchangedData(
$post_data,
'decode'
);
// Prepare variables
$user_id = filter_var($dataReceived['user_id'], FILTER_SANITIZE_NUMBER_INT);

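Review bot: The shared decode at the top of the first hunk never stores its result — `$dataReceived` is initialised to `[]` and `prepareExchangedData($post_data, 'decode')` is called without an assignment, so every per-case read of `$dataReceived['user_id']`, `['login']`, `['auth_type']` and so on (whose local decodes this commit removes) now sees an empty array; the line should read `$dataReceived = prepareExchangedData($post_data, 'decode');`. Because of that, the manager-scope check further down is also never reached, since it is gated on `isset($dataReceived['user_id'])`. Separately, that check reads `$targetUserInfos['admin']`, `['can_manage_all_users']` and `['gestionnaire']` without confirming a row came back: if `DB::queryfirstrow` returns nothing for an unknown `user_id` (presumably null or false), those comparisons pass, and only the `isAdministratedByRole` test — which runs solely for `user-manager` accounts, not for `user-can_manage_all_users` — can still reject it; add an `if (empty($targetUserInfos))` branch that emits the same `error_not_allowed_to` response and exits before the fields are read. Consider also passing `true` as the third argument to both `in_array($post_type, $all_users_can_access)` calls so a loosely-equal value cannot match. The enclosing `if (null !== $post_type)` block and the `switch` it opens continue beyond this hunk.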