From 637bab3ec1e610a130fa7dc66ca0c5bdac4cc6d5 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Sat, 30 Dec 2017 10:00:46 +0100
Subject: [PATCH] Cleaned up FAQ module files to use global auth function
 instead of repeating the code in each file.

---
 interface/web/help/faq_delete.php                | 5 +----
 interface/web/help/faq_edit.php                  | 5 +----
 interface/web/help/faq_list.php                  | 7 ++-----
 interface/web/help/faq_manage_questions_list.php | 2 +-
 interface/web/help/faq_sections_delete.php       | 5 +----
 interface/web/help/faq_sections_edit.php         | 5 +----
 interface/web/help/faq_sections_list.php         | 5 +----
 7 files changed, 8 insertions(+), 26 deletions(-)

diff --git a/interface/web/help/faq_delete.php b/interface/web/help/faq_delete.php
index e8f3627278..c1faed60d9 100644
--- a/interface/web/help/faq_delete.php
+++ b/interface/web/help/faq_delete.php
@@ -9,10 +9,7 @@ require_once '../../lib/config.inc.php';
 require_once '../../lib/app.inc.php';
 
 // Check module permissions
-if(!stristr($_SESSION['s']['user']['modules'], 'help')) {
-	header('Location: ../index.php');
-	die;
-}
+$app->auth->check_module_permissions('admin');
 
 // Load the form
 $app->uses('tform_actions');
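Review bot: The added `check_module_permissions('admin')` call changes the required module from `help` to `admin`, so this is an access-control tightening and not only the cleanup the subject line describes. The same switch is made in faq_edit.php, faq_manage_questions_list.php, faq_sections_delete.php, faq_sections_edit.php and faq_sections_list.php. I would record the intent in the comment above the call, e.g. `// FAQ management is restricted to users with the admin module`, so the stricter module name is not later reverted as a typo. The removed code ended the request with `header('Location: ../index.php'); die;`, and the body of `check_module_permissions()` is not part of this diff. It is worth confirming that it also stops execution on failure; if it does not, the delete handling that follows outside the hunk would still run for an unauthorised session.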
diff --git a/interface/web/help/faq_edit.php b/interface/web/help/faq_edit.php
index 629bde88c7..397f5cccf4 100644
--- a/interface/web/help/faq_edit.php
+++ b/interface/web/help/faq_edit.php
@@ -8,10 +8,7 @@ require_once '../../lib/config.inc.php';
 require_once '../../lib/app.inc.php';
 
 // Check the  module permissions and redirect if not allowed.
-if(!stristr($_SESSION['s']['user']['modules'], 'help')) {
-	header('Location: ../index.php');
-	die;
-}
+$app->auth->check_module_permissions('admin');
 
 // Load the templating and form classes
 $app->uses('tpl,tform,tform_actions');
diff --git a/interface/web/help/faq_list.php b/interface/web/help/faq_list.php
index 128480dca2..ed5ffa4fab 100644
--- a/interface/web/help/faq_list.php
+++ b/interface/web/help/faq_list.php
@@ -7,10 +7,7 @@ require_once '../../lib/app.inc.php';
 $list_def_file = 'list/faq_list.php';
 
 // Check the module permissions
-if(!stristr($_SESSION['s']['user']['modules'], 'help')) {
-	header('Location: ../index.php');
-	die();
-}
+$app->auth->check_module_permissions('help');
 
 // Loading the class
 $app->uses('listform_actions');
@@ -31,7 +28,7 @@ $app->listform_actions->SQLExtWhere = "help_faq.hf_section = $hf_section";
 
 if($hf_section) $res = $app->db->queryOneRecord("SELECT hfs_name FROM help_faq_sections WHERE hfs_id=?", $hf_section);
 // Start the form rendering and action ahndling
-echo "<h2>FAQ: ".$res['hfs_name']."</h2>";
+echo "<h2>FAQ: ".$app->functions->htmlentities($res['hfs_name'])."</h2>";
 if($hf_section) $app->listform_actions->onLoad();
 
 ?>
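Review bot: `$res` is read unconditionally on the changed `echo` line, but it is only assigned when `$hf_section` is truthy, and the lookup may also return no row. In both cases the heading is built from an undefined or empty value. Guard the output the same way the following `onLoad()` line is guarded, e.g. `if($hf_section && !empty($res)) echo "<h2>FAQ: ".$app->functions->htmlentities($res['hfs_name'])."</h2>";`. The hunk header also shows `SQLExtWhere` being built by interpolating `$hf_section` into the SQL string. Its assignment is outside the hunk, so confirm it is cast to an integer before that point.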
diff --git a/interface/web/help/faq_manage_questions_list.php b/interface/web/help/faq_manage_questions_list.php
index e728244586..ae29e752fc 100644
--- a/interface/web/help/faq_manage_questions_list.php
+++ b/interface/web/help/faq_manage_questions_list.php
@@ -6,7 +6,7 @@ require_once '../../lib/app.inc.php';
 $list_def_file = "list/faq_manage_questions_list.php";
 
 //* Check permissions for module
-$app->auth->check_module_permissions('help');
+$app->auth->check_module_permissions('admin');
 
 //* Loading the class
 $app->uses('listform_actions');
diff --git a/interface/web/help/faq_sections_delete.php b/interface/web/help/faq_sections_delete.php
index adcacf4376..865071ff25 100644
--- a/interface/web/help/faq_sections_delete.php
+++ b/interface/web/help/faq_sections_delete.php
@@ -9,10 +9,7 @@ require_once '../../lib/config.inc.php';
 require_once '../../lib/app.inc.php';
 
 // Check module permissions
-if(!stristr($_SESSION['s']['user']['modules'], 'help')) {
-	header('Location: ../index.php');
-	die;
-}
+$app->auth->check_module_permissions('admin');
 
 // Load the form
 $app->uses('tform_actions');
diff --git a/interface/web/help/faq_sections_edit.php b/interface/web/help/faq_sections_edit.php
index 32f0123466..f146db8605 100644
--- a/interface/web/help/faq_sections_edit.php
+++ b/interface/web/help/faq_sections_edit.php
@@ -8,10 +8,7 @@ require_once '../../lib/config.inc.php';
 require_once '../../lib/app.inc.php';
 
 // Check the  module permissions and redirect if not allowed.
-if(!stristr($_SESSION['s']['user']['modules'], 'help')) {
-	header('Location: ../index.php');
-	die;
-}
+$app->auth->check_module_permissions('admin');
 
 // Load the templating and form classes
 $app->uses('tpl,tform,tform_actions');
diff --git a/interface/web/help/faq_sections_list.php b/interface/web/help/faq_sections_list.php
index 4acb4ae20e..7ce9fb0235 100644
--- a/interface/web/help/faq_sections_list.php
+++ b/interface/web/help/faq_sections_list.php
@@ -7,10 +7,7 @@ require_once '../../lib/app.inc.php';
 $list_def_file = 'list/faq_sections_list.php';
 
 // Check the module permissions
-if(!stristr($_SESSION['s']['user']['modules'], 'help')) {
-	header('Location: ../index.php');
-	die();
-}
+$app->auth->check_module_permissions('admin');
 
 // Loading the class
 $app->uses('listform_actions');
-- 
GitLab