From 1924e1901d6312759941e70649ab7e12d6678a27 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Thu, 22 Oct 2020 12:42:54 +0200
Subject: [PATCH 1/3] unset formtoken before creating link to footer js file
---
 views/bootstrap/class.Bootstrap.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/views/bootstrap/class.Bootstrap.php b/views/bootstrap/class.Bootstrap.php
index 84c58d331..527a6ca4b 100644
--- a/views/bootstrap/class.Bootstrap.php
+++ b/views/bootstrap/class.Bootstrap.php
@@ -179,6 +179,8 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
 echo ''."\n";
 parse_str($_SERVER['QUERY_STRING'], $tmp);
 $tmp['action'] = 'webrootjs';
+ if(isset($tmp['formtoken']))
+ unset($tmp['formtoken']);
 echo ''."\n";
 echo ''."\n";
 if($this->params['enablemenutasks'] && isset($this->params['user']) && $this->params['user']) {
From 0c07a0568e3c10f97662a3f346177c47b4b373b1 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Thu, 22 Oct 2020 12:45:15 +0200
Subject: [PATCH 2/3] do not allow a second user substitution
---
 views/bootstrap/class.Bootstrap.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/views/bootstrap/class.Bootstrap.php b/views/bootstrap/class.Bootstrap.php
index 527a6ca4b..fffc26021 100644
--- a/views/bootstrap/class.Bootstrap.php
+++ b/views/bootstrap/class.Bootstrap.php
@@ -346,9 +346,11 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
 echo " \n";
 echo " \n";
 }
- if($this->params['user']->isAdmin()) {
- $showdivider = true;
- echo "
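Review bot: In patch 1/3 (hunk at line 179) the two added lines do not say why `formtoken` has to be dropped, and the `isset()` guard is redundant because `unset()` on a missing array key is a no-op. I would write it as `unset($tmp['formtoken']); // keep the anti-CSRF form token out of the generated script URL`. The `echo` lines that follow are presumably where `$tmp` is serialised into the URL, but their string content is not readable in this view, so that part is inferred from the commit subject. This removes one named key only: every other parameter parsed from `$_SERVER['QUERY_STRING']` is still carried over, so an allow-list of the keys the JS endpoint needs would be a tighter form of the same fix. The enclosing function starts and ends outside the hunk.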
  • ".getMLText("substitute_user")."
  • \n";
+ if(!$this->params['session']->getSu()) {
+ if($this->params['user']->isAdmin()) {
+ $showdivider = true;
+ echo "
  • ".getMLText("substitute_user")."
  • \n"; + } } if($showdivider) echo "
  • \n";
From 196ea676be3fe184bd28942e525f8114c321afec Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Thu, 22 Oct 2020 13:12:02 +0200
Subject: [PATCH 3/3] minor backports from 6.0.x
---
 views/bootstrap/class.Bootstrap.php | 39 ++++++++++++++++++-----------
 1 file changed, 24 insertions(+), 15 deletions(-)
diff --git a/views/bootstrap/class.Bootstrap.php b/views/bootstrap/class.Bootstrap.php
index fffc26021..aa3400cd7 100644
--- a/views/bootstrap/class.Bootstrap.php
+++ b/views/bootstrap/class.Bootstrap.php
@@ -583,6 +583,7 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
 } /* }}} */
 private function documentNavigationBar($document) { /* {{{ */
+ $accessobject = $this->params['accessobject'];
 $accessMode = $document->getAccessMode($this->params['user']);
 $docid=".php?documentid=" . $document->getID();
 echo "".getMLText("document")."\n";
@@ -606,7 +607,7 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
 $menuitems['move_document'] = array('link'=>"../out/out.MoveDocument".$docid, 'label'=>'move_document');
 }
 }
- if($this->params['accessobject']->maySetExpires()) {
+ if($accessobject->maySetExpires()) {
 $menuitems['expires'] = array('link'=>"../out/out.SetExpires".$docid, 'label'=>'expires');
 }
 }
@@ -768,7 +769,8 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
 echo "
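Review bot: In patch 2/3 (hunk at line 346), hiding the `substitute_user` menu entry when `$this->params['session']->getSu()` is set only changes what is rendered; it does not stop a request sent straight to the operation behind that entry. This series touches only views/bootstrap/class.Bootstrap.php, so whether the handler itself refuses a substitution while one is already active cannot be seen here, and that server-side check is what actually enforces the rule in the subject line. As a smaller point, the two nested conditions can be one: `if(!$this->params['session']->getSu() && $this->params['user']->isAdmin()) {`. The surrounding menu function starts and ends outside the hunk.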
  • ".getMLText("week_view")."
  • \n"; echo "
  • ".getMLText("month_view")."
  • \n"; echo "
  • ".getMLText("year_view")."
  • \n"; - if (!$this->params['user']->isGuest()) echo "
  • ".getMLText("add_event")."
  • \n"; + if (!$this->params['user']->isGuest()) + echo "
  • ".getMLText("add_event")."
  • \n";
 echo "\n";
 echo "\n";
 return;
@@ -1277,7 +1279,7 @@ $(document).ready(function() {
 $content = '';
 $content .= "getID() : "") ."\">";
 $content .= "
    \n"; - $content .= "getName()) : "") ."\"/>"; + $content .= "getName()) : "") ."\" placeholder=\"".getMLText('type_to_search')."\" autocomplete=\"off\" />"; $content .= ""; if(!$skiptree) $content .= "params['rootfolderid']."\" role=\"button\" class=\"btn\" data-toggle=\"modal\">".getMLText("document")."…\n"; @@ -1512,7 +1514,12 @@ $(document).ready(function() { ".getMLText('error')."!"; print htmlspecialchars($error); print "
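Review bot: In the hunk at line 1279, the new `placeholder` attribute concatenates `getMLText('type_to_search')` into a double-quoted HTML attribute without escaping, while the `value` attribute on the same line appears to pass the document name through an escaping call (the line is only partly readable in this view). Unless `getMLText()` already returns HTML-escaped text, which is not visible here, a translation containing a double quote would terminate the attribute early; `placeholder=\"".htmlspecialchars(getMLText('type_to_search'))."\"` keeps the attribute well-formed. The enclosing function starts and ends outside the hunk.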
    "; - print "
    "; - - $this->contentEnd(); - $this->htmlEndPage(); + if(!$plain) { + print "
    "; + + $this->contentEnd(); + $this->htmlEndPage(); + } add_log_line(" UI::exitError error=".$error." pagetitle=".$pagetitle, PEAR_LOG_ERR); @@ -1926,9 +1935,9 @@ $(document).ready(function() { $folder = $this->params['dms']->getFolder($folderid); if(!$partialtree) { $path = $folder->getPath(); + /* Get the first folder (root folder) of path */ + $folder = array_shift($path); } - /* Get the first folder (root folder) of path */ - $folder = array_shift($path); $node = array('label'=>$folder->getName(), 'id'=>$folder->getID(), 'load_on_demand'=>false, 'is_folder'=>true); if(!$folder->hasSubFolders()) { $node['load_on_demand'] = true; @@ -2628,9 +2637,6 @@ $('body').on('click', '[id^=\"table-row-folder\"] td:nth-child(2)', function(ev) if (strlen($comment) > 150) $comment = substr($comment, 0, 147) . "..."; $docID = $document->getID(); - if(!$skipcont) - $content .= $this->documentListRowStart($document); - if($version) { $latestContent = $this->callHook('documentContent', $document, $version); if($latestContent === null) @@ -2642,6 +2648,9 @@ $('body').on('click', '[id^=\"table-row-folder\"] td:nth-child(2)', function(ev) } if($latestContent) { + if(!$skipcont) + $content .= $this->documentListRowStart($document); + $previewer->createPreview($latestContent); $version = $latestContent->getVersion(); $status = $latestContent->getStatus(); @@ -2742,9 +2751,9 @@ $('body').on('click', '[id^=\"table-row-folder\"] td:nth-child(2)', function(ev) $content .= $extracontent['end_action_list']; $content .= ""; $content .= ""; + if(!$skipcont) + $content .= $this->documentListRowEnd($document); } - if(!$skipcont) - $content .= $this->documentListRowEnd($document); return $content; } /* }}} */
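Review bot: In the hunk at line 1514, `$plain` is read in `if(!$plain) {` but nothing in this patch declares or assigns it. If the enclosing method (its signature is outside the hunk) does not already take a `$plain` parameter, the variable is undefined and evaluates as null, so the block always runs and PHP raises an undefined-variable diagnostic on every error page. The page-opening calls that pair with `contentEnd()` and `htmlEndPage()` are also outside the hunk; they need the same `if(!$plain)` guard, otherwise plain mode would emit an opened page with no closing markup. Separately, the `add_log_line()` context line writes `$error` and `$pagetitle` into the log as they are; if either can carry request data, stripping CR/LF before logging would prevent forged log entries.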
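Review bot: In the hunk at line 1935, the value of `array_shift($path)` is assigned to `$folder` and dereferenced on the following context line without a check, and the `getFolder($folderid)` result above it is used the same way. `array_shift()` returns null for an empty array and a lookup by id can fail, so either case ends in a method call on a non-object. A guard such as `if(!$folder) return;` right after the lookup would make the failure explicit; the right return value depends on the enclosing method, whose signature is outside the hunk. A one-line comment saying that in partial-tree mode the requested folder itself becomes the tree root would also explain why the shift moved inside the `if`.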
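Review bot: Nothing documents that a document without `$latestContent` now yields no row markup at all; this applies to the three hunks at lines 2637, 2648 and 2751, which together place `documentListRowStart()` and `documentListRowEnd()` inside `if($latestContent)`. A comment above that condition, for example `/* no row is emitted when the document has no accessible content */`, would record that this is intended. Callers that pass `$skipcont` and wrap the row themselves would presumably still print their own wrapper around an empty string; those call sites are outside this patch, and the function body starts before the first of these hunks.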