author | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-04-07 19:52:22 +0000 |
---|---|---|
committer | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-04-07 19:52:22 +0000 |
commit | dfeb3f0369696b9722026d502d7c3f8a599462af (patch) | |
tree | ecbe2986e84e4874cfaa81fd9a73cfe2cafe66ac /pki/base/ra | |
parent | a2527f0314a8766bdeeb11831444a5b37b2cd074 (diff) | |
Bugzilla BZ#484828: op.cgi allows RA agents to approve requests not assigned to their agent group
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@377 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/ra')
-rwxr-xr-x | pki/base/ra/forms/agent/request/op.cgi | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/pki/base/ra/forms/agent/request/op.cgi b/pki/base/ra/forms/agent/request/op.cgi
index f474fd37..a475c0d8 100755
--- a/pki/base/ra/forms/agent/request/op.cgi
+++ b/pki/base/ra/forms/agent/request/op.cgi
@@ -76,10 +76,22 @@ sub process()
 $queue->open($cfg);
 my $ref;
- my $pref = $queue->read_request($id);
+
+ my @roles = $self->get_current_roles($cfg);
+ my $pref = $queue->read_request_by_roles(\@roles, $id);
+
+ if (! defined $pref) {
+ $queue->close();
+ $self->debug_log($cfg, "Invalid attempt to process request id= " . $id .
+ " by userid= " . $uid);
+ print $q->redirect("/agent/error.cgi");
+ return;
+ }
+
 my $curr_status = $pref->{'status'};
 if ($type eq "approve") {
 if (($curr_status ne "OPEN") && ($curr_status ne "ERROR")) {
+ $queue->close();
 print $q->redirect("/agent/request/read.cgi?id=$id");
 return;
 }
@@ -87,6 +99,7 @@ sub process()
 $ref = $queue->approve_request($id, $uid);
 } elsif ($type eq "reject") {
 if (($curr_status ne "OPEN") && ($curr_status ne "ERROR")) {
+ $queue->close();
 print $q->redirect("/agent/request/read.cgi?id=$id");
 return;
 } |
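Review bot: The role filter added in the first hunk guards only the lookup; the state-changing call visible in the second hunk, `$queue->approve_request($id, $uid)`, still takes just the id and uid, so the authorization holds only while every caller runs `read_request_by_roles` first. If the queue module can take the roles, enforcing the filter inside the approve and reject operations would be sturdier; failing that, a comment above the lookup such as `# Authorization gate: $pref is undef unless the request belongs to one of the agent's roles; never call approve/reject without it` would keep later edits from bypassing it. The denial is also recorded only through `debug_log`, with `$id` concatenated as-is; `$id` is assigned outside the hunk and is presumably request-supplied, so it is worth validating (digits only, for example) before it reaches the log line or the redirect URL, and worth confirming that this event is still written when debug logging is off. `process()` begins and ends outside both hunks.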