From: Alan Knowles <alan@roojs.com>
Date: Fri, 14 Sep 2012 05:55:15 +0000 (+0800)
Subject: GroupRights.php
X-Git-Url: http://git.roojs.org/?p=Pman.Admin;a=commitdiff_plain;h=9d4e026112d4a950bba270b43b04e10d7e13f448

GroupRights.php
---

diff --git a/GroupRights.php b/GroupRights.php
index 848761d..c3976f8 100644
--- a/GroupRights.php
+++ b/GroupRights.php
@@ -32,6 +32,12 @@ class Pman_Admin_GroupRights extends Pman
         if (!$this->hasPerm( 'Core.Groups','S')) { // listing groups..
             $this->jerr("PERMISSION DENIED");
         }
+        
+        $g = DB_DataObject::Factory('group');
+        if (!$g->get($_GET['group_id'])) {
+            $this->jerr("group is invalid");
+        }
+        
          //   DB_DataObject::debugLevel(1);
         $p = DB_DataObject::factory('group_rights');
         $p->group_id = (int)$_GET['group_id'];