Commit 3faa1b93 authored by Richard Mansfield's avatar Richard Mansfield
Browse files

Don't allow an institution to 'steal' another institution's xmlrpc remote wwwroot (bug 3411)


Signed-off-by: default avatarRichard Mansfield <richardm@catalyst.net.nz>
parent c84d12e7
......@@ -852,6 +852,14 @@ class PluginAuthXmlrpc extends PluginAuth {
$form->set_error('wwwroot',get_string('cantretrievekey', 'auth'));
}
}
else if ($values['institution'] != $peer->institution) {
if (get_records_sql_array("
SELECT ai.*, aic.*
FROM {auth_instance} ai JOIN {auth_instance_config} aic ON ai.id = aic.instance
WHERE aic.field = 'wwwroot' AND aic.value = ? AND ai.institution = ?", array($values['wwwroot'], $peer->institution))) {
$form->set_error('wwwroot',get_string('hostwwwrootinuse', 'auth', hsc(get_field('institution', 'displayname', 'name', $peer->institution))));
}
}
if (isset($values['publickey'])) {
try {
......
......@@ -79,4 +79,5 @@ $string['requiredfields'] = 'Required profile fields';
$string['requiredfieldsset'] = 'Required profile fields set';
$string['noauthpluginconfigoptions'] = 'There are no configuration options associated with this plugin';
$string['hostwwwrootinuse'] = 'WWW root already in use by another institution (%s)';
?>
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment