Commit d55bdb1d authored by Leigh Stoller

Do not allow non-admins to change the load address of an image!

parent 38124c73
...@@ -17,6 +17,7 @@ PAGEHEADER("Edit Image Descriptor"); ...@@ -17,6 +17,7 @@ PAGEHEADER("Edit Image Descriptor");
# #
$uid = GETLOGIN(); $uid = GETLOGIN();
LOGGEDINORDIE($uid); LOGGEDINORDIE($uid);
$isadmin = ISADMIN($uid);
# #
# Verify form arguments. # Verify form arguments.
...@@ -95,7 +96,7 @@ $query_string = "$query_string WHERE imageid='$imageid'"; ...@@ -95,7 +96,7 @@ $query_string = "$query_string WHERE imageid='$imageid'";
$insert_result = DBQueryFatal($query_string); $insert_result = DBQueryFatal($query_string);
SHOWIMAGEID($imageid, 0); SHOWIMAGEID($imageid, 0, $isadmin);
# #
# Edit option. # Edit option.
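Review bot: Nothing visible in this form handler stops a non-admin from changing the load address: the only use of `$isadmin` in these hunks is the `SHOWIMAGEID($imageid, 0, $isadmin)` display call, which runs after `DBQueryFatal($query_string)` has already applied the update. Hiding the `loadaddr` input in the edit form does not keep that field out of a submitted request, so the rule has to be enforced where `$query_string` is built. Assuming the field arrives as `$loadaddr`, something like `if (!$isadmin && isset($loadaddr)) { USERERROR("Only admins may change the load address!", 1); }` before the query is assembled would do it. The lines between the two hunks are not shown, so this may already be handled there; if it is, a comment beside `$isadmin = ISADMIN($uid);` saying what it gates would make that clear.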
......
...@@ -17,6 +17,7 @@ PAGEHEADER("Edit Image Descriptor"); ...@@ -17,6 +17,7 @@ PAGEHEADER("Edit Image Descriptor");
# #
$uid = GETLOGIN(); $uid = GETLOGIN();
LOGGEDINORDIE($uid); LOGGEDINORDIE($uid);
$isadmin = ISADMIN($uid);
# #
# Verify form arguments. # Verify form arguments.
...@@ -37,7 +38,7 @@ if (!TBImageIDAccessCheck($uid, $imageid, $TB_IMAGEID_MODIFYINFO)) { ...@@ -37,7 +38,7 @@ if (!TBImageIDAccessCheck($uid, $imageid, $TB_IMAGEID_MODIFYINFO)) {
USERERROR("You do not have permission to access ImageID $imageid!", 1); USERERROR("You do not have permission to access ImageID $imageid!", 1);
} }
SHOWIMAGEID($imageid, 1); SHOWIMAGEID($imageid, 1, $isadmin);
# #
# Standard Testbed Footer # Standard Testbed Footer
......
...@@ -844,7 +844,7 @@ function SHOWOSINFO($osid) { ...@@ -844,7 +844,7 @@ function SHOWOSINFO($osid) {
# #
# Show ImageID record. # Show ImageID record.
# #
function SHOWIMAGEID($imageid, $edit) { function SHOWIMAGEID($imageid, $edit, $isadmin = 0) {
global $TBDBNAME; global $TBDBNAME;
$query_result = $query_result =
...@@ -1045,7 +1045,7 @@ function SHOWIMAGEID($imageid, $edit) { ...@@ -1045,7 +1045,7 @@ function SHOWIMAGEID($imageid, $edit) {
<td>Load Address: </td> <td>Load Address: </td>
<td class=left>\n"; <td class=left>\n";
if ($edit) { if ($edit && $isadmin) {
echo "<input type=text name=loadaddr size=20 echo "<input type=text name=loadaddr size=20
maxlength=256 value='$loadaddr'>"; maxlength=256 value='$loadaddr'>";
} }
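Review bot: The admin-only input still writes `$loadaddr` into a single-quoted attribute unescaped (`value='$loadaddr'`), so a stored value containing a quote or markup would be rendered as HTML in an admin's browser; going by the commit title, non-admins could set that value until now. Escape it at output, e.g. `maxlength=256 value='" . htmlspecialchars($loadaddr, ENT_QUOTES) . "'>";`. The `$isadmin = 0` default on the new parameter fails closed for any caller not yet updated, which is the right choice, but the `# Show ImageID record.` header comment should say that the third argument gates editing of the load address. SHOWIMAGEID's body continues outside both hunks, so what the non-edit branch prints for non-admins is not visible here.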
......