From 5f43ee22ee0841ce3d237ed52e1b8be0b5af5210 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 29 Mar 2018 17:34:53 +0200
Subject: [locationinfo] Properly check permissions when saving new panel

---
 modules-available/locationinfo/page.inc.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'modules-available/locationinfo')

diff --git a/modules-available/locationinfo/page.inc.php b/modules-available/locationinfo/page.inc.php
index 5ef7a9ed..656c2f81 100644
--- a/modules-available/locationinfo/page.inc.php
+++ b/modules-available/locationinfo/page.inc.php
@@ -1022,8 +1022,14 @@ class Page_LocationInfo extends Page
 			}
 		}
 		$allowed = User::getAllowedLocations($permission);
+		if (in_array(0, $allowed))
+			return;
 		if (!empty($allowed)) {
-			$locations = explode(',', $panel['locationids']);
+			if (isset($panel['locationids'])) {
+				$locations = explode(',', $panel['locationids']);
+			} else {
+				$locations = [];
+			}
 			if (!empty($additionalLocations)) {
 				$locations = array_merge($locations, $additionalLocations);
 			}
-- 
cgit v1.2.3-55-g7522