Fixed issue #18927: [security] Export user roles without authorization (
#3272)

Co-authored-by: lapiudevgit <devgit@lapiu.biz>
gabrieljenik and lapiudevgit committed Jul 10, 2023
1 parent de80ea9 commit b4ae504
Showing 1 changed file with 4 additions and 0 deletions.
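--- a/application/controllers/UserRoleController.php
+++ b/application/controllers/UserRoleController.php
@@ -242,6 +242,10 @@ public function actionViewRole(int $ptid)
 */
 public function actionRunExport($ptid)
 {
+if (!Permission::model()->hasGlobalPermission('superadmin', 'read')) {
+Yii::app()->session['flashmessage'] = gT('You have no access to the role management!');
+$this->redirect(['/admin']);
+}
 $oModel = $this->loadModel($ptid);
 $oXML = $oModel->compileExportXML();
 $filename = preg_replace("/[^a-zA-Z0-9-_]*/", '', (string) $oModel->name);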
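Review bot: The new guard in actionRunExport denies access only because `$this->redirect(['/admin']);` ends the request by default; nothing in the added block itself stops execution. If redirect() is overridden in a base controller or called with termination turned off, control would fall through to `$this->loadModel($ptid)` and the role XML would still be compiled and sent. Adding an explicit `return;` right after the redirect, or replacing the redirect with `throw new CHttpException(403, gT('You have no access to the role management!'));`, keeps the check fail-closed regardless of how redirect() behaves. A regression test that requests the export as a user without the superadmin read permission and asserts that no XML is returned would pin the fix. The body of actionRunExport continues past the end of the hunk, so the rest of the export path is not visible here.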
