gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-10-17 22:41:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

check for access

Browse Source
This commit is contained in:
Uwe Steinmann 2016-08-11 12:05:26 +02:00
parent 40b84b89bd
commit 2e19ad3dcb
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
op/op.Download.php
View File

@ -32,6 +32,10 @@ include("../inc/inc.Authentication.php");
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME'])); $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
$controller = Controller::factory($tmp[1]); $controller = Controller::factory($tmp[1]);
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
if (!$accessop->check_controller_access($controller, $_POST)) {
UI::exitError(getMLText("document_title", array("documentname" => "")),getMLText("access_denied"));
}
if (isset($_GET["version"])) { if (isset($_GET["version"])) {

4
op/op.ViewOnline.php
View File

@ -30,6 +30,10 @@ include("../inc/inc.Authentication.php");
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME'])); $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
$controller = Controller::factory($tmp[1]); $controller = Controller::factory($tmp[1]);
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
if (!$accessop->check_controller_access($controller, $_POST)) {
UI::exitError(getMLText("document_title", array("documentname" => "")),getMLText("access_denied"));
}
$documentid = $_GET["documentid"]; $documentid = $_GET["documentid"];
if (!isset($documentid) || !is_numeric($documentid) || intval($documentid)<1) { if (!isset($documentid) || !is_numeric($documentid) || intval($documentid)<1) {