From d1ba8c934978e24617e6ba8614a6e607192f1fe0 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Tue, 06 Dec 2005 09:30:59 -0500
Subject: [PATCH] 

---
 interface/web/dns/rr_del.php |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/interface/web/dns/rr_del.php b/interface/web/dns/rr_del.php
index d90001f..e06ff84 100644
--- a/interface/web/dns/rr_del.php
+++ b/interface/web/dns/rr_del.php
@@ -56,7 +56,10 @@
         function onDelete() {
                 global $app, $conf;
 
-                $rr = $app->db->queryOneRecord("SELECT * FROM rr WHERE id = ".$_REQUEST['id']);
+                $app->uses('tform');
+                if(!$rr = $app->db->queryOneRecord("SELECT * FROM rr WHERE id = ".$_REQUEST['id']." AND ".$app->tform->getAuthSQL('d'))) $app->error('not allowed');
+
+                //$rr = $app->db->queryOneRecord("SELECT * FROM rr WHERE id = ".$_REQUEST['id']);
                 $zone_id = $rr['zone'];
 
                 // update serial

--
Gitblit v1.9.1