Skip to content

Commit

Permalink
Prevent unauthorized access to inventory files
Browse files Browse the repository at this point in the history
  • Loading branch information
cedric-anne authored and trasher committed Jan 24, 2023
1 parent 902e783 commit 03ee540
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion front/document.send.php
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@
}
}

if ($splitter[0] == "_inventory") {
if ($splitter[0] == "_inventory" && Session::haveRight(Conf::$rightname, READ)) {
$iconf = new Conf();
if ($iconf->isInventoryFile(GLPI_INVENTORY_DIR . '/' . $splitter[1])) {
$send = GLPI_INVENTORY_DIR . '/' . $splitter[1];
Expand Down
2 changes: 1 addition & 1 deletion templates/components/form/inventory_info.html.twig
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@
# ---------------------------------------------------------------------
#}

{% if item.isDynamic() != false %}
{% if has_profile_right('inventory', constant('READ')) and item.isDynamic() != false %}
<div class="card m-n2 border-0 shadow-none">
<div class="card-header">
<div class="ribbon ribbon-bookmark ribbon-top ribbon-start bg-blue s-1">
Expand Down

0 comments on commit 03ee540

Please sign in to comment.