mirror of
https://git.code.sf.net/p/seeddms/code
synced 2025-10-31 13:18:06 +00:00
use GET instead of POST
This commit is contained in:
Uwe Steinmann
parent
d1ee800423
commit
05626a4759
|
|
@ -37,20 +37,20 @@ if (!$accessop->check_view_access($view, $_GET)) {
|
|||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["documentid"]) || !is_numeric($_POST["documentid"]) || intval($_POST["documentid"])<1) {
|
||||
if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_GET["documentid"])<1) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
|
||||
}
|
||||
|
||||
$document = $dms->getDocument(intval($_POST["documentid"]));
|
||||
$document = $dms->getDocument(intval($_GET["documentid"]));
|
||||
if (!is_object($document)) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["version"]) || !is_numeric($_POST["version"]) || intval($_POST["version"])<1) {
|
||||
if (!isset($_GET["version"]) || !is_numeric($_GET["version"]) || intval($_GET["version"])<1) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
|
||||
}
|
||||
|
||||
$version = $_POST["version"];
|
||||
$version = $_GET["version"];
|
||||
$version = $document->getContentByVersion($version);
|
||||
|
||||
if (!is_object($version)) {
|
||||
|
|
|
|||
|
|
@ -30,20 +30,24 @@ include("../inc/inc.ClassUI.php");
|
|||
include("../inc/inc.ClassAccessOperation.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if (!isset($_POST["documentid"]) || !is_numeric($_POST["documentid"]) || intval($_POST["documentid"])<1) {
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
|
||||
if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_GET["documentid"])<1) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
|
||||
}
|
||||
|
||||
$document = $dms->getDocument(intval($_POST["documentid"]));
|
||||
$document = $dms->getDocument(intval($_GET["documentid"]));
|
||||
if (!is_object($document)) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["version"]) || !is_numeric($_POST["version"]) || intval($_POST["version"])<1) {
|
||||
if (!isset($_GET["version"]) || !is_numeric($_GET["version"]) || intval($_GET["version"])<1) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
|
||||
}
|
||||
|
||||
$version = $_POST["version"];
|
||||
$version = $_GET["version"];
|
||||
$version = $document->getContentByVersion($version);
|
||||
|
||||
if (!is_object($version)) {
|
||||
|
|
@ -55,18 +59,13 @@ if (!is_object($workflow)) {
|
|||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("document_has_no_workflow"));
|
||||
}
|
||||
|
||||
$transition = $dms->getWorkflowTransition($_POST["transition"]);
|
||||
$transition = $dms->getWorkflowTransition($_GET["transition"]);
|
||||
if (!is_object($transition)) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_workflow_transition"));
|
||||
}
|
||||
|
||||
$folder = $document->getFolder();
|
||||
|
||||
/* Create object for checking access to certain operations */
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
if($view) {
|
||||
$view->setParam('folder', $folder);
|
||||
$view->setParam('document', $document);
|
||||
|
|
|
|||
|
|
@ -1004,7 +1004,7 @@ class SeedDMS_View_ViewDocument extends SeedDMS_Bootstrap_Style {
|
|||
$this->contentContainerStart();
|
||||
if($user->isAdmin()) {
|
||||
if(SeedDMS_Core_DMS::checkIfEqual($workflow->getInitState(), $latestContent->getWorkflowState())) {
|
||||
print "<form action=\"../out/out.RemoveWorkflowFromDocument.php\" method=\"post\">".createHiddenFieldWithKey('removeworkflowfromdocument')."<input type=\"hidden\" name=\"documentid\" value=\"".$documentid."\" /><input type=\"hidden\" name=\"version\" value=\"".$latestContent->getVersion()."\" /><button type=\"submit\" class=\"btn\"><i class=\"icon-remove\"></i> ".getMLText('rm_workflow')."</button></form>";
|
||||
print "<form action=\"../out/out.RemoveWorkflowFromDocument.php\" method=\"get\">".createHiddenFieldWithKey('removeworkflowfromdocument')."<input type=\"hidden\" name=\"documentid\" value=\"".$documentid."\" /><input type=\"hidden\" name=\"version\" value=\"".$latestContent->getVersion()."\" /><button type=\"submit\" class=\"btn\"><i class=\"icon-remove\"></i> ".getMLText('rm_workflow')."</button></form>";
|
||||
} else {
|
||||
print "<form action=\"../out/out.RewindWorkflow.php\" method=\"post\">".createHiddenFieldWithKey('rewindworkflow')."<input type=\"hidden\" name=\"documentid\" value=\"".$documentid."\" /><input type=\"hidden\" name=\"version\" value=\"".$latestContent->getVersion()."\" /><button type=\"submit\" class=\"btn\"><i class=\"icon-refresh\"></i> ".getMLText('rewind_workflow')."</button></form>";
|
||||
}
|
||||
|
|
@ -1106,7 +1106,7 @@ class SeedDMS_View_ViewDocument extends SeedDMS_Bootstrap_Style {
|
|||
echo "<td>";
|
||||
if($latestContent->triggerWorkflowTransitionIsAllowed($user, $transition)) {
|
||||
$action = $transition->getAction();
|
||||
print "<form action=\"../out/out.TriggerWorkflow.php\" method=\"post\">".createHiddenFieldWithKey('triggerworkflow')."<input type=\"hidden\" name=\"documentid\" value=\"".$documentid."\" /><input type=\"hidden\" name=\"version\" value=\"".$latestContent->getVersion()."\" /><input type=\"hidden\" name=\"transition\" value=\"".$transition->getID()."\" /><input type=\"submit\" class=\"btn\" value=\"".getMLText('action_'.strtolower($action->getName()), array(), $action->getName())."\" /></form>";
|
||||
print "<form action=\"../out/out.TriggerWorkflow.php\" method=\"get\">".createHiddenFieldWithKey('triggerworkflow')."<input type=\"hidden\" name=\"documentid\" value=\"".$documentid."\" /><input type=\"hidden\" name=\"version\" value=\"".$latestContent->getVersion()."\" /><input type=\"hidden\" name=\"transition\" value=\"".$transition->getID()."\" /><input type=\"submit\" class=\"btn\" value=\"".getMLText('action_'.strtolower($action->getName()), array(), $action->getName())."\" /></form>";
|
||||
$allowedtransitions[] = $transition;
|
||||
}
|
||||
echo "</td>";
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user