From d6bec7a7dba66e8312305eb50bdad73299c533e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer
Date: Tue, 30 Jun 2015 12:28:48 +0200
Subject: [PATCH] - fixed access check in client templates and mail content filters
---
 interface/web/client/client_template_del.php | 2 +-
 interface/web/client/client_template_edit.php | 2 +-
 interface/web/client/client_template_list.php | 2 +-
 interface/web/mail/mail_content_filter_edit.php | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/interface/web/client/client_template_del.php b/interface/web/client/client_template_del.php
index b57224f8e..29d7499ea 100644
--- a/interface/web/client/client_template_del.php
+++ b/interface/web/client/client_template_del.php
@@ -44,7 +44,7 @@ require_once '../../lib/app.inc.php';
 //* Check permissions for module
 $app->auth->check_module_permissions('client');
-if(!$_SESSION["s"]["user"]["typ"] == 'admin') die('Client-Templates are for Admins only.');
+if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) die('Client-Templates are for Admins and Resellers only.');
 $app->uses('tpl,tform');
 $app->load('tform_actions');
diff --git a/interface/web/client/client_template_edit.php b/interface/web/client/client_template_edit.php
index bc5c6d22c..3ce027a4d 100644
--- a/interface/web/client/client_template_edit.php
+++ b/interface/web/client/client_template_edit.php
@@ -43,7 +43,7 @@ require_once '../../lib/app.inc.php';
 //* Check permissions for module
 $app->auth->check_module_permissions('client');
-if(!$_SESSION["s"]["user"]["typ"] == 'admin') die('Client-Templates are only for Admins.');
+if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) die('Client-Templates are for Admins and Resellers only.');
 // Loading classes
 $app->uses('tpl,tform,tform_actions');
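Review bot: The new guard in client_template_del.php only decides who may reach the page. With resellers now admitted, nothing visible in this hunk restricts a reseller to templates they own, so the delete presumably relies on record-level permission checks inside `tform_actions`, which are outside the diff and should be confirmed. I would add a comment above the `if`, for example `//* Page-level gate only (admins and resellers); per-record ownership must be enforced by tform/listform.`. The same applies to the identical checks added in client_template_edit.php and client_template_list.php. The script continues past the end of the hunk, so the actual delete handling is not visible here.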
diff --git a/interface/web/client/client_template_list.php b/interface/web/client/client_template_list.php
index c87cea01e..70cdc80fc 100644
--- a/interface/web/client/client_template_list.php
+++ b/interface/web/client/client_template_list.php
@@ -41,7 +41,7 @@ $list_def_file = "list/client_template.list.php";
 //* Check permissions for module
 $app->auth->check_module_permissions('client');
-if(!$_SESSION["s"]["user"]["typ"] == 'admin') die('Client-Templates are only for Admins.');
+if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) die('Client-Templates are for Admins and Resellers only.');
 $app->uses('listform_actions');
 $app->listform_actions->SQLOrderBy = 'ORDER BY client_template.template_name';
diff --git a/interface/web/mail/mail_content_filter_edit.php b/interface/web/mail/mail_content_filter_edit.php
index 5672135ca..8a98a03db 100644
--- a/interface/web/mail/mail_content_filter_edit.php
+++ b/interface/web/mail/mail_content_filter_edit.php
@@ -44,7 +44,7 @@ require_once '../../lib/app.inc.php';
 //* Check permissions for module
 $app->auth->check_module_permissions('mail');
-if(!$_SESSION["s"]["user"]["typ"] == 'admin') die('These Filters are only for Admins.');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('These Filters are only for Admins.');
 // Loading classes
-- GitLab
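Review bot: The rewritten check in mail_content_filter_edit.php still compares with loose `!=`, so a non-string `typ` (boolean `true`, or integer `0` on PHP versions before 8) would compare equal to `'admin'` and pass the gate. Writing it as `if($_SESSION["s"]["user"]["typ"] !== 'admin') die('These Filters are only for Admins.');` fails closed for anything that is not exactly that string, including an unset key. Whether `typ` can ever be a non-string depends on how the session is populated, which is not shown here. The same `!=` appears in the three client_template_*.php hunks of this patch. It may also be worth sending a 403 status before `die()` so denied requests are distinguishable in access logs.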