mirror of
https://github.com/znc/znc.git
synced 2026-03-28 17:42:41 +01:00
7965a12bd0
auth modules = imapauth and saslauth Some code in CWebAdminSock::OnLogin() is skipped if a module handles auth and thus m_pUser stays NULL. Most checks for admin rights only check for m_pUser being NULL and thus any user WHO ALREADY HAS A VALID LOGIN can edit other users if they know their user name. (=Change the password of an admin and log in using this info) One of the major excpeptions are the templates which use m_bAdmin instead of m_pUser for checking the privieleges, thus users still see the normal pages and this bug stayed unnoticed for a while. This patch now moves the code that sets m_pUser to some code which is executed in both cases, when an auth module is in effect and when one isn't. (Well, technically this isn't a move, but code duplication, but executing this twice won't hurt and one of the follow-up patches cleans this up.) git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1113 726aef4b-f618-498e-8847-2d620e286838