
Fix rights checks in export feature
cedric-anne authored and trasher committed Jan 24, 2023
1 parent 9a312e8 commit fe5677f
Showing 1 changed file with 11 additions and 6 deletions.
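--- a/front/report.dynamic.php
+++ b/front/report.dynamic.php
@@ -32,15 +32,20 @@
 
 include ('../inc/includes.php');
 
-Session::checkCentralAccess();
+if (!isset($_GET['item_type']) || !is_string($_GET['item_type']) || !is_a($_GET['item_type'], CommonGLPI::class, true)) {
+return;
+}
+
+$itemtype = $_GET['item_type'];
+Session::checkRight($itemtype::$rightname, READ);
 
-if (isset($_GET["item_type"]) && isset($_GET["display_type"])) {
+if (isset($_GET["display_type"])) {
 if ($_GET["display_type"] < 0) {
 $_GET["display_type"] = -$_GET["display_type"];
 $_GET["export_all"] = 1;
 }
 
-switch ($_GET["item_type"]) {
+switch ($itemtype) {
 case 'KnowbaseItem' :
 KnowbaseItem::showList($_GET, $_GET["is_faq"]);
 break;
@@ -77,12 +82,12 @@
 
 default :
 // Plugin case
-if ($plug = isPluginItemType($_GET["item_type"])) {
+if ($plug = isPluginItemType($itemtype)) {
 if (Plugin::doOneHook($plug['plugin'], 'dynamicReport', $_GET)) {
 exit();
 }
 }
-$params = Search::manageParams($_GET["item_type"], $_GET);
-Search::showList($_GET["item_type"], $params);
+$params = Search::manageParams($itemtype, $_GET);
+Search::showList($itemtype, $params);
 }
 }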
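Review bot: Nothing checks the session before `is_a($_GET['item_type'], CommonGLPI::class, true)` at the top of the file, so unless `inc/includes.php` already enforces a login (not visible here) the request-supplied class name reaches the autoloader before any access decision, and the central-interface restriction that `Session::checkCentralAccess();` enforced is gone entirely. If that restriction is still wanted, keep `Session::checkCentralAccess();` as the first statement after the include and leave the new `Session::checkRight($itemtype::$rightname, READ);` after the type guard. Whether `checkRight()` fails closed when a class leaves `$rightname` empty is not visible in this diff and is worth confirming, since the guard accepts any `CommonGLPI` subclass. A short comment above the guard, such as `// item_type must name a CommonGLPI subclass; its $rightname gates the export`, would document the intent.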
