Fix for Users Seeing Cronjobs that Don't Belong to Them

modules/cron/shared_cron_functions.php

@@ -21,8 +21,9 @@
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  *
  */
-function reloadJobs($server_homes, $remote_servers)
+function reloadJobs($server_homes, $remote_servers, $getAllJobs = true)
 {
+	global $db;
 	$remote_servers_offline = array();
 	$jobsArray = array();
 	foreach( $remote_servers as $remote_server )
@@ -71,6 +72,12 @@ function reloadJobs($server_homes, $remote_servers)
 								break;
 						}
 						if(!isset($server_homes[$home_id."_".$ip."_".$port])) continue;
+						
+						if(!$getAllJobs && !hasAccessToCronjobHomeId($homeId)){
+							continue;
+						}
+						
+						
 						$jobsArray[$rhost_id][$jobId] = array( 'job' => $job, 
 															   'minute' => $minute, 
 															   'hour' => $hour, 
@@ -84,6 +91,9 @@ function reloadJobs($server_homes, $remote_servers)
 					}
 					else if(getURLParam("homeid=", $command) !== false){
 						$homeId = getURLParam("homeid=", $command);
+						if(!$getAllJobs && !hasAccessToCronjobHomeId($homeId)){
+							continue;
+						}
 						
 						$action = getURLParam("action=", $command);
 						if($action == "autoUpdateSteamHome"){
@@ -96,6 +106,8 @@ function reloadJobs($server_homes, $remote_servers)
 							$action = "restart";
 						}
 						
+						
+						
 						$jobsArray[$rhost_id][$jobId] = array( 'job' => $job, 
 															   'minute' => $minute, 
 															   'hour' => $hour, 
@@ -108,6 +120,10 @@ function reloadJobs($server_homes, $remote_servers)
 					}
 					else
 					{	
+						if(!$getAllJobs && !$db->isAdmin($_SESSION['user_id'])){
+							continue;
+						}			
+						
 						$jobsArray[$rhost_id][$jobId] = array( 'job' => $job, 
 															   'minute' => $minute, 
 															   'hour' => $hour, 
@@ -265,4 +281,10 @@ function checkCronInput($min, $hour, $day, $month, $dayOfWeek) {
     return (empty($returns) ? true : false);
 }
 
+function hasAccessToCronjobHomeId($home_id){
+	global $db;
+	$hasAccess = ($db->isAdmin($_SESSION['user_id'])) ? true : $db->getUserGameHome($_SESSION['user_id'], $job['home_id']);
+	return $hasAccess;
+}
+
 ?>

modules/cron/user_cron.php

@@ -62,7 +62,7 @@ function exec_ogp_module()
 											"ftp_ip" => $home['ftp_ip']);
 	}
 	
-	list($jobsArray, $remote_servers_offline) = reloadJobs($server_homes, $remote_servers);
+	list($jobsArray, $remote_servers_offline) = reloadJobs($server_homes, $remote_servers, false);
 	
 	if( isset($_POST['addJob']) or isset($_POST['editJob']) )
 	{
@@ -138,7 +138,7 @@ function exec_ogp_module()
 				$remote->scheduler_edit_task($_POST['job_id'], $job);
 			elseif( isset($_POST['addJob']) ) 
 				$remote->scheduler_add_task($job);
-			list($jobsArray, $remote_servers_offline) = reloadJobs($server_homes, $remote_servers);
+			list($jobsArray, $remote_servers_offline) = reloadJobs($server_homes, $remote_servers, false);
 		}
 	}
 	elseif( isset($_POST['removeJob']) and isset($remote_servers[$_POST['r_server_id']]) and isset($jobsArray[$_POST['r_server_id']][$_POST['job_id']]) )
@@ -148,7 +148,7 @@ function exec_ogp_module()
 										$remote_servers[$_POST['r_server_id']]['encryption_key'],
 										$remote_servers[$_POST['r_server_id']]['timeout'] );
 		$remote->scheduler_del_task($_POST['job_id']);
-		list($jobsArray, $remote_servers_offline) = reloadJobs($server_homes, $remote_servers);
+		list($jobsArray, $remote_servers_offline) = reloadJobs($server_homes, $remote_servers, false);
 	}	
 
 	echo "<h2>" . get_lang("schedule_new_job") . "</h2>";
@@ -311,4 +311,4 @@ $(document).ready(function()
 </script>
 <?php
 }
-?>
+?>