Commit

Restricting arbitrary users from creating servers/groups
At the moment, arbitrary users are able to create
servers/groups by forging their own POST call. This
patch limits both calls to administrators.
mettke committed Apr 4, 2019
1 parent 3920033 commit fe2eeab
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion views/groups.php
Expand Up @@ -15,7 +15,7 @@
## limitations under the License.
##

if(isset($_POST['add_group'])) {
if(isset($_POST['add_group']) && ($active_user->admin)) {
$name = trim($_POST['name']);
if(preg_match('|/|', $name)) {
$content = new PageSection('invalid_group_name');
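
Review bot: On the changed `if` in views/groups.php, folding `$active_user->admin` into the same condition as `isset($_POST['add_group'])` means a non-admin POST simply fails to match this branch and drops through to whatever follows it, with no explicit refusal. Consider keeping the `isset` test as the outer condition and rejecting non-admin callers inside it with an explicit access-denied response, so a forged request gets a clear denial and the attempt can be logged. The extra parentheses around `$active_user->admin` are also unnecessary.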
2 changes: 1 addition & 1 deletion views/servers.php
Expand Up @@ -15,7 +15,7 @@
## limitations under the License.
##

if(isset($_POST['add_server'])) {
if(isset($_POST['add_server']) && ($active_user->admin)) {
$hostname = trim($_POST['hostname']);
if(!preg_match('|.*\..*\..*|', $hostname)) {
$content = new PageSection('invalid_hostname');
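
Review bot: The admin test on the `add_server` line in views/servers.php is a verbatim copy of the one in views/groups.php, and both rely on the truthiness of `$active_user->admin`, which is populated outside the visible lines. A single shared authorization helper called from both handlers would keep the two checks from drifting apart, and it is worth confirming that `$active_user` is always set before this view runs. Since the hunk shows only the `add_server` branch, any other POST actions handled in this file should be checked for the same restriction.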