From e11ff7c2633ae4910e5257338d5628df6bef5862 Mon Sep 17 00:00:00 2001
From: Alan Garcia
Date: Thu, 31 Jan 2013 17:17:18 +0000
Subject: [PATCH] Ajout de secu dans le checkpolicy
---
 bureau/admin/hta_doadduser.php | 6 ------
 bureau/class/m_admin.php | 10 ++++++++++
 bureau/class/m_hta.php | 8 ++++++++
 3 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/bureau/admin/hta_doadduser.php b/bureau/admin/hta_doadduser.php
index 58d678d2..e9d347e1 100644
--- a/bureau/admin/hta_doadduser.php
+++ b/bureau/admin/hta_doadduser.php
@@ -43,12 +43,6 @@ if ($password != $passwordconf) {
 exit();
 }
-if (empty($password)) {
- $error=_("Please enter a password");
- include ("hta_adduser.php");
- exit();
-}
-
 if (!$hta->add_user($user, $password, $dir)) {
 $error=$err->errstr();
 include ("hta_adduser.php");
diff --git a/bureau/class/m_admin.php b/bureau/class/m_admin.php
index 7cb1072d..2a0f737f 100644
--- a/bureau/class/m_admin.php
+++ b/bureau/class/m_admin.php
@@ -1123,6 +1123,16 @@ EOF;
 */
 function checkPolicy($policy,$login,$password) {
 global $db,$err;
+
+ if (empty($login)) {
+ $err->raise("admin",_("-- Program error -- CheckPolicy need a login"));
+ return false;
+ }
+ if (empty($password)) {
+ $err->raise("admin",_("-- Program error -- CheckPolicy need a password"));
+ return false;
+ }
+
 $pol=$this->listPasswordPolicies();
 if (!$pol[$policy]) {
 $err->raise("admin",_("-- Program error -- The requested password policy does not exist!"));
diff --git a/bureau/class/m_hta.php b/bureau/class/m_hta.php
index 14773c4f..038a3d81 100644
--- a/bureau/class/m_hta.php
+++ b/bureau/class/m_hta.php
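Review bot: The two guards added at the top of checkPolicy rely on `empty()`, which treats the string `0` as empty and lets any non-empty array through, so a login or password of `0` is reported as a program error while an array submitted for either field still reaches the policy checks below. A stricter test such as `if (!is_string($password) || $password === '') {` (and the same for `$login`) rejects both cases explicitly and keeps the function failing closed. The same `empty()` pattern appears in the add_user hunk of bureau/class/m_hta.php. checkPolicy's body continues outside the hunk, so whether later code already constrains the argument types is not visible here.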
@@ -216,6 +216,14 @@ class m_hta {
 function add_user($user,$password,$dir) {
 global $err, $bro, $admin;
 $err->log("hta","add_user",$user."/".$dir);
+ if (empty($user)) {
+ $err->raise('hta',_("Please enter a user"));
+ return false;
+ }
+ if (empty($password)) {
+ $err->raise('hta',_("Please enter a password"));
+ return false;
+ }
 $absolute=$bro->convertabsolute($dir,0);
 if (!file_exists($absolute)) {
 $err->raise("hta",printf(("The folder '%s' does not exist"),$dir));
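Review bot: The context line directly after the new guards passes `printf(...)` to `$err->raise()`, and `printf` writes the formatted text, including the caller-supplied `$dir`, straight to the response and returns only its length. The folder name is therefore echoed unescaped into the page and the recorded error becomes an integer instead of a message. The line predates this commit but is the next check the new guards fall through to; `$err->raise("hta",sprintf(_("The folder '%s' does not exist"),$dir));` keeps the text inside the error object so it can be escaped where it is displayed. The `_()` in that suggestion is inferred from the doubled parentheses around the format string. add_user's body continues outside the hunk.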