Commit 980a6400 authored by Chenu Denis's avatar Chenu Denis

[fix] Better protection of public method

parent d6a6c5ee
......@@ -107,6 +107,9 @@ class extendRemoteControl extends PluginBase {
*/
public function getPluginSettings($getValues=true)
{
if(!Permission::model()->hasGlobalPermission('settings','read')) {
throw new CHttpException(403);
}
$this->settings['information']['content']="";
/* test if plugins/unsecure is in noCsrfValidationRoutes : in internal for compatible LimeSurvey version */
if(in_array('plugins/unsecure',App()->request->noCsrfValidationRoutes))
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment