From 39977e2603fb52f9d2e80d91b08a8d7da0d5a256 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Thu, 29 Jun 2017 17:49:43 +0200
Subject: [PATCH] Fixed #4648 Insufficient privilege check in sites module

---
 interface/web/sites/ajax_get_json.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/interface/web/sites/ajax_get_json.php b/interface/web/sites/ajax_get_json.php
index 913a81abf4..a3e54e8860 100644
--- a/interface/web/sites/ajax_get_json.php
+++ b/interface/web/sites/ajax_get_json.php
@@ -202,9 +202,9 @@ if ($type == 'getdirectivesnippet') {
 }
 
 if($type == 'getclientssldata'){
-	$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $web_id);
+	$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), $web_id);
 	$sys_group = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE groupid = ?", $web['sys_groupid']);
-	$client = $app->db->queryOneRecord("SELECT * FROM client WHERE client_id = ?", $sys_group['client_id']);
+	$client = $app->db->queryOneRecord("SELECT company_name,contact_firstname, contact_name, street, zip, city, telephone, mobile,fax, country, state, email FROM client WHERE client_id = ?",$sys_group['client_id']);
 	if(is_array($client) && !empty($client)){
 		if($client['telephone'] == '' && $client['mobile'] != '') $client['telephone'] = $client['mobile'];
 		
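Review bot: When the added `getAuthSQL('r')` condition filters the row out, `$web` is not an array, but the next line still reads `$web['sys_groupid']` and the `sys_group` and `client` lookups run with an empty key. The denial then rests on those two queries returning nothing instead of on an explicit check. I would set `$client = null;` before the first query and wrap the `sys_group` and `client` lookups in `if(is_array($web) && !empty($web)) { ... }`, so that an unauthorised or unknown `$web_id` stops at the point where the permission is evaluated. In the same spirit as the narrowed `client` column list, the `sys_group` query only needs `client_id` here, as far as the visible lines show. The body of the `getclientssldata` branch continues past the end of the hunk, and whether other branches of this file that load `web_domain` by id apply the same filter cannot be seen from here.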
-- 
GitLab