Submitted by championm on Fri, 04/11/2008 - 13:25
wbt-thejax-theme 0.1-1
Correct permission checking is performed but the link to edit_domain.cgi is printed even if the user isn't allowed:
if ($canconfig) {
push (@domlinks, { page=>"edit_domain.cgi?dom=$d->{'id'}", title=>"$text{'left_edit'}", cat=>"none", icon=>"application_edit" } );
}
else {
push (@domlinks, { page=>"edit_domain.cgi?dom=$d->{'id'}", title=>"$text{'left_view'}", cat=>"none", icon=>"application_edit" } );
}
Status:
Closed (fixed)