From 0a3a6c0f88790863f87fabb7074eac7842b477d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?=
 <marcosgdf@gmail.com>
Date: Sun, 5 Jan 2014 19:13:12 +0100
Subject: [PATCH] Restricted survey creation to
 $user->rights->opensurvey->write

---
 htdocs/opensurvey/wizard/choix_autre.php   | 3 +++
 htdocs/opensurvey/wizard/choix_date.php    | 3 +++
 htdocs/opensurvey/wizard/create_survey.php | 4 +++-
 htdocs/opensurvey/wizard/index.php         | 4 +++-
 4 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/htdocs/opensurvey/wizard/choix_autre.php b/htdocs/opensurvey/wizard/choix_autre.php
index fb869d65c69..302cbfccf6a 100644
--- a/htdocs/opensurvey/wizard/choix_autre.php
+++ b/htdocs/opensurvey/wizard/choix_autre.php
@@ -27,6 +27,9 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/admin.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/opensurvey/fonctions.php");
 
+// Security check
+if (!$user->rights->opensurvey->write) accessforbidden ();
+
 /*
  * Action
  */
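Review bot: The added guard dereferences `$user->rights->opensurvey->write` directly, so when the opensurvey rights object has never been populated for this user (module disabled, or rights not loaded) PHP emits a "property of non-object" notice before the check fails closed; the form used elsewhere in Dolibarr, `if (empty($user->rights->opensurvey->write)) accessforbidden();`, is notice-free and evaluates the same way. The same line is added in choix_date.php, create_survey.php and index.php, so the change applies to all four hunks. The check runs after the require_once lines, so it presumably relies on main.inc.php having already authenticated and populated `$user` further up the file — that part is outside the hunk and worth confirming. As a point of style, `accessforbidden ();` carries a space before the parenthesis, which the rest of the codebase does not use, and a one-line `if` without braces is easy to misread when a statement is later added after it.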
diff --git a/htdocs/opensurvey/wizard/choix_date.php b/htdocs/opensurvey/wizard/choix_date.php
index 606b1ecf873..25f6ddc2453 100644
--- a/htdocs/opensurvey/wizard/choix_date.php
+++ b/htdocs/opensurvey/wizard/choix_date.php
@@ -27,6 +27,9 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/admin.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/opensurvey/fonctions.php");
 
+// Security check
+if (!$user->rights->opensurvey->write) accessforbidden ();
+
 //le format du sondage est DATE
 $_SESSION["formatsondage"] = "D";
 
diff --git a/htdocs/opensurvey/wizard/create_survey.php b/htdocs/opensurvey/wizard/create_survey.php
index cad66b34d4a..a8169d9d5da 100644
--- a/htdocs/opensurvey/wizard/create_survey.php
+++ b/htdocs/opensurvey/wizard/create_survey.php
@@ -27,8 +27,10 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/admin.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/opensurvey/fonctions.php");
 
-$langs->load("opensurvey");
+// Security check
+if (!$user->rights->opensurvey->write) accessforbidden ();
 
+$langs->load("opensurvey");
 
 // On teste toutes les variables pour supprimer l'ensemble des warnings PHP
 // On transforme en entites html les données afin éviter les failles XSS
diff --git a/htdocs/opensurvey/wizard/index.php b/htdocs/opensurvey/wizard/index.php
index 6bb6403ff72..fab1a86320d 100644
--- a/htdocs/opensurvey/wizard/index.php
+++ b/htdocs/opensurvey/wizard/index.php
@@ -28,8 +28,10 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/admin.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/opensurvey/fonctions.php");
 
-$langs->load("opensurvey");
+// Security check
+if (!$user->rights->opensurvey->write) accessforbidden ();
 
+$langs->load("opensurvey");
 
 /*
  * View
-- 
GitLab