[dev] auth capabilities checking is missing in horde/services/shares/edit.php

Didier Colens dcolens at cisco.com
Tue Mar 16 06:09:34 PST 2004


Hello,


In horde/services/shares/edit.php around line 320:
if (is_a($share, 'PEAR_Error')) {
    $title = _("Edit Permissions");
} else {
    $title = sprintf(_("Edit Permissions for %s"), $share->get('name'));
}

$userList = $auth->listUsers();                  <============There's no
check for list capability of the auth driver here.
if (is_a($userList, 'PEAR_Error')) {
    Horde::logMessage($userList, __FILE__, __LINE__, PEAR_LOG_NOTICE);
    $userList = array();
}


Something like this should fix it I think:
if ($auth->hasCapability('list')) {
    $userList = $auth->listUsers();
    if (is_a($userList, 'PEAR_Error')) {
        Horde::logMessage($userList, __FILE__, __LINE__, PEAR_LOG_NOTICE);
        $userList = array();
    }
} else {
    $userList = array();
}


Cheers,
Did





More information about the dev mailing list