Fix rights checks in export feature
fixes #12359
cedric-anne authored and trasher committed Jan 24, 2023
1 parent e56c4db commit 09dbd1d
Showing 1 changed file with 11 additions and 6 deletions.
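--- a/front/report.dynamic.php
+++ b/front/report.dynamic.php
@@ -35,15 +35,20 @@
 
 include('../inc/includes.php');
 
-Session::checkCentralAccess();
+if (!isset($_GET['item_type']) || !is_string($_GET['item_type']) || !is_a($_GET['item_type'], CommonGLPI::class, true)) {
+return;
+}
+
+$itemtype = $_GET['item_type'];
+Session::checkRight($itemtype::$rightname, READ);
 
-if (isset($_GET["item_type"]) && isset($_GET["display_type"])) {
+if (isset($_GET["display_type"])) {
 if ($_GET["display_type"] < 0) {
 $_GET["display_type"] = -$_GET["display_type"];
 $_GET["export_all"] = 1;
 }
 
-switch ($_GET["item_type"]) {
+switch ($itemtype) {
 case 'KnowbaseItem':
 KnowbaseItem::showList($_GET, $_GET["is_faq"]);
 break;
@@ -114,12 +119,12 @@
 
 default:
 // Plugin case
-if ($plug = isPluginItemType($_GET["item_type"])) {
+if ($plug = isPluginItemType($itemtype)) {
 if (Plugin::doOneHook($plug['plugin'], 'dynamicReport', $_GET)) {
 exit();
 }
 }
-$params = Search::manageParams($_GET["item_type"], $_GET);
-Search::showList($_GET["item_type"], $params);
+$params = Search::manageParams($itemtype, $_GET);
+Search::showList($itemtype, $params);
 }
 }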
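Review bot: The new gate at the top of the first hunk replaces `Session::checkCentralAccess();` instead of adding to it, so access to the export now rests entirely on `Session::checkRight($itemtype::$rightname, READ)`. If the export is meant to stay limited to the central interface, keep `Session::checkCentralAccess();` ahead of the `item_type` guard and treat the per-type right as an additional check. Separately, `is_a(..., CommonGLPI::class, true)` accepts every subclass, and what `checkRight()` does when a class leaves `$rightname` empty is not visible in this diff. A comment above that call such as `// types with an empty $rightname are denied by checkRight()` (or the actual behaviour, once confirmed) would make the intended outcome reviewable. The bare `return;` on a rejected `item_type` also leaves no log entry, which makes probing of this endpoint harder to notice.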
