[jan] SECURITY: Fix permission check when downloading reports.

horde · Jun 13, 2017 · 3e08a72 · 3e08a72
1 parent fe483e5
commit 3e08a72
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 4 deletions.
diff --git a/docs/CHANGES b/docs/CHANGES
@@ -2,6 +2,7 @@
 v3.0.10-git
 -----------
 
+[jan] SECURITY: Fix permission check when downloading reports.
 
 
 ------

diff --git a/lib/Application.php b/lib/Application.php
@@ -206,8 +206,12 @@ public function download(Horde_Variables $vars)
 
             // Fetch all unresolved tickets assigned to the current user.
             $info = array('id' => explode(',', $vars->ids));
-            $tickets = $whups_driver->getTicketsByProperties($info);
-            foreach ($tickets as $id => $info) {
+            $tickets = array();
+            foreach ($whups_driver->getTicketsByProperties($info) as $id => $info) {
+                if (!Whups::hasPermission($info['queue'], 'queue', Horde_Perms::READ)) {
+                    continue;
+                }
+                $tickets[$id] = $info;
                 $tickets[$id]['#'] = $id + 1;
                 $tickets[$id]['link'] = Whups::urlFor('ticket', $info['id'], true, -1);
                 $tickets[$id]['date_created'] = strftime('%x', $info['timestamp']);

diff --git a/package.xml b/package.xml
@@ -27,7 +27,7 @@
  </stability>
  <license uri="http://www.horde.org/licenses/bsdl.php">BSD-2-Clause</license>
  <notes>
-* 
+* [jan] SECURITY: Fix permission check when downloading reports.
  </notes>
  <contents>
   <dir baseinstalldir="/" name="/">
@@ -1246,7 +1246,7 @@
    <date>2016-12-16</date>
    <license uri="http://www.horde.org/licenses/bsdl.php">BSD-2-Clause</license>
    <notes>
-* 
+* [jan] SECURITY: Fix permission check when downloading reports.
    </notes>
   </release>
  </changelog>