Don't allow an institution to 'steal' another institution's xmlrpc remote wwwroot (bug 3411)

Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>

Don't allow an institution to 'steal' another institution's xmlrpc remote wwwroot (bug 3411)
Signed-off-by: Richard Mansfield <richardm@catalyst.net.nz>
3faa1b93 · Richard Mansfield · c84d12e7 · 3faa1b93 · 3faa1b93
Commit 3faa1b93 authored Nov 04, 2009 by Richard Mansfield
--- a/htdocs/auth/xmlrpc/lib.php
+++ b/htdocs/auth/xmlrpc/lib.php
@@ -852,6 +852,14 @@ class PluginAuthXmlrpc extends PluginAuth {
                $form->set_error('wwwroot',get_string('cantretrievekey', 'auth'));
            }
        }
+        else if ($values['institution'] != $peer->institution) {
+            if (get_records_sql_array("
+                SELECT ai.*, aic.*
+                FROM {auth_instance} ai JOIN {auth_instance_config} aic ON ai.id = aic.instance
+                WHERE aic.field = 'wwwroot' AND aic.value = ? AND ai.institution = ?", array($values['wwwroot'], $peer->institution))) {
+                $form->set_error('wwwroot',get_string('hostwwwrootinuse', 'auth', hsc(get_field('institution', 'displayname', 'name', $peer->institution))));
+            }
+        }

        if (isset($values['publickey'])) {
            try {

--- a/htdocs/lang/en.utf8/auth.php
+++ b/htdocs/lang/en.utf8/auth.php
@@ -79,4 +79,5 @@ $string['requiredfields'] = 'Required profile fields';
 $string['requiredfieldsset'] = 'Required profile fields set';
 $string['noauthpluginconfigoptions'] = 'There are no configuration options associated with this plugin';

+$string['hostwwwrootinuse'] = 'WWW root already in use by another institution (%s)';
 ?>