From 081c4a88a2ca0cd7e4c0020d9de68267d540876b Mon Sep 17 00:00:00 2001
From: Dmitriy Simushev <simushevds@ossg.ru>
Date: Fri, 26 Apr 2013 10:47:32 +0000
Subject: [PATCH] Do not grant all privileges to operators by default

---
 src/messenger/webim/install/dbinfo.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/messenger/webim/install/dbinfo.php b/src/messenger/webim/install/dbinfo.php
index 0026e364..9f52b8f8 100644
--- a/src/messenger/webim/install/dbinfo.php
+++ b/src/messenger/webim/install/dbinfo.php
@@ -93,7 +93,7 @@ $dbtables = array(
 		"idisabled" => "int DEFAULT 0",
 		"vcavatar" => "varchar(255)",
 		"vcjabbername" => "varchar(255)",
-		"iperm" => "int DEFAULT 65535",
+		"iperm" => "int DEFAULT 0", /* Do not grant all privileges by default */
 		"dtmrestore" => "int NOT NULL DEFAULT 0",
 		"vcrestoretoken" => "varchar(64)",
 	),
@@ -254,6 +254,7 @@ function create_table($id, $link)
 
 	if ($id == "${mysqlprefix}chatoperator") {
 		// Create First Administrator
+		// Grant all privileges by default only for First Administrator
 		mysql_query(
 			"INSERT INTO ${mysqlprefix}chatoperator ( " .
 				"vclogin, " .
@@ -261,14 +262,16 @@ function create_table($id, $link)
 				"vclocalename, " .
 				"vccommonname, " .
 				"vcavatar, " .
-				"vcemail " .
+				"vcemail, " .
+				"iperm " .
 			") values ( " .
 				"'admin', " .
 				"MD5(''), " .
 				"'', " .
 				"'Administrator', " .
 				"'Administrator', " .
-				"''" .
+				"'', " .
+				"65535" .
 			")",
 			$link
 		);