From 2c3fe555e13f0ebf244db070b172650730acc343 Mon Sep 17 00:00:00 2001
From: bradymiller
Date: Thu, 22 Apr 2010 00:38:22 +0000
Subject: [PATCH] quick fix to secure phpmyadmin per bug tracker artifact 2990644
---
 library/acl.inc | 6 +++++-
 phpmyadmin/config.inc.php | 9 ++-------
 2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/library/acl.inc b/library/acl.inc
index 73383eb59..3a986fd96 100644
--- a/library/acl.inc
+++ b/library/acl.inc
@@ -14,10 +14,14 @@
 //which are run from main OpenEMR directory.
 $phpgacl_location = "gacl";
 }
+ if (isset ($GLOBALS['phpmyadmin_acl_check'])) {
+ //use for phpmyadmin acl check (ie. no globals.php is included)
+ $phpgacl_location = "../gacl";
+ }
 //
 // If using an external version of phpGACL, then uncomment the following
 // line and manually place the path below. IN THIS CASE YOU MUST ALSO
-// COMMENT OUT BOTH $phpgacl_location ASSIGNMENTS ABOVE, OR BACKUPS WILL
+// COMMENT OUT ALL THREE $phpgacl_location ASSIGNMENTS ABOVE, OR BACKUPS WILL
 // NOT RESTORE PROPERLY!
 //
 //$phpgacl_location = "/var/www/gacl";
diff --git a/phpmyadmin/config.inc.php b/phpmyadmin/config.inc.php
index 28eb7679d..856aae11c 100644
--- a/phpmyadmin/config.inc.php
+++ b/phpmyadmin/config.inc.php
@@ -9,22 +9,17 @@
 */
-/* OpenEMR Access Control */
-// Does not work with the new globals.php that reads settings from the
-// database. I have no idea why. -- Rod 2010-03-30
-/*********************************************************************
-require_once("../interface/globals.php");
+// this is the acl check (note can't use globals.php)
+$GLOBALS['phpmyadmin_acl_check'] = true;
 require_once("../library/acl.inc");
 if (! acl_check('admin', 'database')) {
 echo "You do not have access to this resource
";
 exit;
 }
-*********************************************************************/
 /* OpenEMR Database Settings */
 require_once("../library/sqlconf.php");
-
 /* Servers configuration */
 $i = 0;
-- 
2.11.4.GIT