- Timestamp:
- 12/02/11 16:40:12 (13 years ago)
- Location:
- trunk
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/dns.cgi
r179 r180 1456 1456 my $id = $curgroup; # we do this because the group log may be called from (almost) any page, 1457 1457 # but the others are much more limited. this is probably non-optimal. 1458 1458 1459 if ($webvar{ltype} && $webvar{ltype} eq 'user') { 1459 1460 $sql .= "user_id=?"; 1460 1461 $id = $webvar{id}; 1462 if (!check_scope(id => $id, type => 'user')) { 1463 $page->param(errmsg => "You are not permitted to view log entries for the requested user"); 1464 goto DONELOG; 1465 } 1461 1466 $page->param(logfor => 'user '.userFullName($dbh,$id)); 1462 1467 } elsif ($webvar{ltype} && $webvar{ltype} eq 'dom') { 1463 1468 $sql .= "domain_id=?"; 1464 1469 $id = $webvar{id}; 1470 if (!check_scope(id => $id, type => 'domain')) { 1471 $page->param(errmsg => "You are not permitted to view log entries for the requested domain"); 1472 goto DONELOG; 1473 } 1465 1474 $page->param(logfor => 'domain '.domainName($dbh,$id)); 1466 1475 } else { … … 1468 1477 $sql .= "group_id=?"; 1469 1478 $page->param(logfor => 'group '.groupName($dbh,$id)); 1479 # note that scope limitations are applied via the change-group check; 1480 # group log is always for the "current" group 1470 1481 } 1471 1482 my $sth = $dbh->prepare($sql); … … 1482 1493 } 1483 1494 $page->param(logentries => \@logbits); 1495 1496 # scope check fail target 1497 DONELOG: ; 1484 1498 1485 1499 } # end $webvar{page} dance -
trunk/templates/log.tmpl
r100 r180 4 4 5 5 <td align="center" valign="top"> 6 7 <TMPL_IF errmsg> 8 <div class='errmsg'><TMPL_VAR NAME=errmsg></div> 9 </TMPL_IF> 6 10 7 11 <table border="0" width="90%">
Note:
See TracChangeset
for help on using the changeset viewer.