From bd2d50441f377cfdb3353a6c571ab05028c9d99c Mon Sep 17 00:00:00 2001
From: Jamie Cameron <jcameron@webmin.com>
Date: Thu, 5 Dec 2019 12:54:42 -0800
Subject: [PATCH] Use formal params

---
 filemin/safeacl  | 3 +++
 passwd/safeacl   | 6 ++++++
 web-lib-funcs.pl | 6 ++++--
 3 files changed, 13 insertions(+), 2 deletions(-)
 create mode 100644 filemin/safeacl
 create mode 100644 passwd/safeacl

diff --git a/filemin/safeacl b/filemin/safeacl
new file mode 100644
index 000000000..f3a9700b4
--- /dev/null
+++ b/filemin/safeacl
@@ -0,0 +1,3 @@
+allowed_paths=$HOME
+work_as_root=0
+work_as_user=0
diff --git a/passwd/safeacl b/passwd/safeacl
new file mode 100644
index 000000000..4bfe7bc6b
--- /dev/null
+++ b/passwd/safeacl
@@ -0,0 +1,6 @@
+mode=3
+self=1
+repeat=1
+expire=0
+others=1
+old=1
diff --git a/web-lib-funcs.pl b/web-lib-funcs.pl
index 8c171aa2f..a54d9fb2a 100755
--- a/web-lib-funcs.pl
+++ b/web-lib-funcs.pl
@@ -3938,10 +3938,12 @@ sub get_module_acl
 {
 my $u = defined($_[0]) ? $_[0] : $base_remote_user;
 my $m = defined($_[1]) ? $_[1] : &get_module_name();
+my $norbac = $_[2];
+my $nodef = $_[3];
 $m ||= "";
 my $mdir = &module_root_directory($m);
 my %rv;
-if (!$_[3]) {
+if (!$nodef) {
 	# Read default ACL first, to be overridden by per-user settings
 	&read_file_cached("$mdir/defaultacl", \%rv);
 
@@ -3954,7 +3956,7 @@ if (!$_[3]) {
 		}
 	}
 my %usersacl;
-if (!$_[2] && &supports_rbac($m) && &use_rbac_module_acl($u, $m)) {
+if (!$norbac && &supports_rbac($m) && &use_rbac_module_acl($u, $m)) {
 	# RBAC overrides exist for this user in this module
 	my $rbac = &get_rbac_module_acl(
 			defined($_[0]) ? $_[0] : $remote_user, $m);