From d25687276ee2b59a0617653b850979af003dec7e Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Fri, 26 Apr 2013 16:28:54 +0200 Subject: [PATCH] Fix: bypass the second test if the first is ok --- htdocs/core/lib/security.lib.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 611a2de2ac8..4acfd4912c6 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -167,7 +167,7 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature foreach($feature2 as $subfeature) { if (empty($user->rights->$feature->$subfeature->lire) && empty($user->rights->$feature->$subfeature->read)) $readok=0; - else $readok=1; + else { $readok=1; break; } // For bypass the second test if the first is ok } } else if (! empty($feature) && ($feature!='user' && $feature!='usergroup')) // This is for old permissions @@ -216,7 +216,7 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature foreach($feature2 as $subfeature) { if (empty($user->rights->$feature->$subfeature->creer) && empty($user->rights->$feature->$subfeature->write)) $createok=0; - else $createok=1; + else { $createok=1; break; } // For bypass the second test if the first is ok } } else if (! empty($feature)) // This is for old permissions @@ -280,7 +280,7 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature foreach($feature2 as $subfeature) { if (empty($user->rights->$feature->$subfeature->supprimer) && empty($user->rights->$feature->$subfeature->delete)) $deleteok=0; - else $deleteok=1; + else { $deleteok=1; break; } // For bypass the second test if the first is ok } } else if (! empty($feature)) // This is for old permissions