mirror of
https://git.code.sf.net/p/seeddms/code
synced 2025-02-11 09:35:00 +00:00
- lots of fixes to prevent CSRF attacks
This commit is contained in:
steinm
parent
54273250d4
commit
452221fe2b
|
|
@ -28,12 +28,18 @@ if (!$user->isAdmin()) {
|
|||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
$action = $_GET["action"];
|
||||
if (isset($_POST["action"])) $action=$_POST["action"];
|
||||
else $action=NULL;
|
||||
|
||||
//Neue Kategorie anlegen -----------------------------------------------------------------------------
|
||||
if ($action == "addcategory") {
|
||||
|
||||
$name = trim($_GET["name"]);
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('addcategory')) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
$name = trim($_POST["name"]);
|
||||
if($name == '') {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("category_noname"));
|
||||
}
|
||||
|
|
@ -50,10 +56,15 @@ if ($action == "addcategory") {
|
|||
//Kategorie löschen ----------------------------------------------------------------------------------
|
||||
else if ($action == "removecategory") {
|
||||
|
||||
if (!isset($_GET["categoryid"]) || !is_numeric($_GET["categoryid"]) || intval($_GET["categoryid"])<1) {
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('removecategory')) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["categoryid"]) || !is_numeric($_POST["categoryid"]) || intval($_POST["categoryid"])<1) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("unknown_document_category"));
|
||||
}
|
||||
$categoryid = $_GET["categoryid"];
|
||||
$categoryid = $_POST["categoryid"];
|
||||
$category = $dms->getDocumentCategory($categoryid);
|
||||
if (!is_object($category)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("unknown_document_category"));
|
||||
|
|
@ -68,16 +79,21 @@ else if ($action == "removecategory") {
|
|||
//Kategorie bearbeiten: Neuer Name --------------------------------------------------------------------
|
||||
else if ($action == "editcategory") {
|
||||
|
||||
if (!isset($_GET["categoryid"]) || !is_numeric($_GET["categoryid"]) || intval($_GET["categoryid"])<1) {
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('editcategory')) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["categoryid"]) || !is_numeric($_POST["categoryid"]) || intval($_POST["categoryid"])<1) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("unknown_document_category"));
|
||||
}
|
||||
$categoryid = $_GET["categoryid"];
|
||||
$categoryid = $_POST["categoryid"];
|
||||
$category = $dms->getDocumentCategory($categoryid);
|
||||
if (!is_object($category)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("unknown_document_category"));
|
||||
}
|
||||
|
||||
$name = $_GET["name"];
|
||||
$name = $_POST["name"];
|
||||
if (!$category->setName($name)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -28,12 +28,18 @@ if (!$user->isAdmin()) {
|
|||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
$action = $_GET["action"];
|
||||
if (isset($_POST["action"])) $action=$_POST["action"];
|
||||
else $action=NULL;
|
||||
|
||||
//Neue Kategorie anlegen -----------------------------------------------------------------------------
|
||||
if ($action == "addcategory") {
|
||||
|
||||
$name = $_GET["name"];
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('addcategory')) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
$name = $_POST["name"];
|
||||
if (is_object($dms->getKeywordCategoryByName($name, $user->getID()))) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("keyword_exists"));
|
||||
}
|
||||
|
|
@ -47,10 +53,15 @@ if ($action == "addcategory") {
|
|||
//Kategorie löschen ----------------------------------------------------------------------------------
|
||||
else if ($action == "removecategory") {
|
||||
|
||||
if (!isset($_GET["categoryid"]) || !is_numeric($_GET["categoryid"]) || intval($_GET["categoryid"])<1) {
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('removecategory')) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["categoryid"]) || !is_numeric($_POST["categoryid"]) || intval($_POST["categoryid"])<1) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("unknown_keyword_category"));
|
||||
}
|
||||
$categoryid = $_GET["categoryid"];
|
||||
$categoryid = $_POST["categoryid"];
|
||||
$category = $dms->getKeywordCategory($categoryid);
|
||||
if (!is_object($category)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("unknown_keyword_category"));
|
||||
|
|
@ -69,10 +80,15 @@ else if ($action == "removecategory") {
|
|||
//Kategorie bearbeiten: Neuer Name --------------------------------------------------------------------
|
||||
else if ($action == "editcategory") {
|
||||
|
||||
if (!isset($_GET["categoryid"]) || !is_numeric($_GET["categoryid"]) || intval($_GET["categoryid"])<1) {
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('editcategory')) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["categoryid"]) || !is_numeric($_POST["categoryid"]) || intval($_POST["categoryid"])<1) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("unknown_keyword_category"));
|
||||
}
|
||||
$categoryid = $_GET["categoryid"];
|
||||
$categoryid = $_POST["categoryid"];
|
||||
$category = $dms->getKeywordCategory($categoryid);
|
||||
if (!is_object($category)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("unknown_keyword_category"));
|
||||
|
|
@ -83,7 +99,7 @@ else if ($action == "editcategory") {
|
|||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
$name = $_GET["name"];
|
||||
$name = $_POST["name"];
|
||||
if (!$category->setName($name)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
|
||||
}
|
||||
|
|
@ -92,27 +108,38 @@ else if ($action == "editcategory") {
|
|||
//Kategorie bearbeiten: Neue Stichwortliste ----------------------------------------------------------
|
||||
else if ($action == "newkeywords") {
|
||||
|
||||
$categoryid = (int) $_GET["categoryid"];
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('newkeywords')) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
$categoryid = (int) $_POST["categoryid"];
|
||||
$category = $dms->getKeywordCategory($categoryid);
|
||||
$owner = $category->getOwner();
|
||||
if (!$owner->isAdmin()) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
$keywords = $_GET["keywords"];
|
||||
|
||||
if (!$category->addKeywordList($keywords)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
|
||||
}
|
||||
$keywords = $_POST["keywords"];
|
||||
if(trim($keywords)) {
|
||||
if (!$category->addKeywordList($keywords)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
//Kategorie bearbeiten: Stichwortliste bearbeiten ----------------------------------------------------------
|
||||
else if ($action == "editkeywords")
|
||||
{
|
||||
if (!isset($_GET["categoryid"]) || !is_numeric($_GET["categoryid"]) || intval($_GET["categoryid"])<1) {
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('editkeywords')) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["categoryid"]) || !is_numeric($_POST["categoryid"]) || intval($_POST["categoryid"])<1) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("unknown_keyword_category"));
|
||||
}
|
||||
$categoryid = $_GET["categoryid"];
|
||||
$categoryid = $_POST["categoryid"];
|
||||
$category = $dms->getKeywordCategory($categoryid);
|
||||
if (!is_object($category)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("unknown_keyword_category"));
|
||||
|
|
@ -124,12 +151,12 @@ else if ($action == "editkeywords")
|
|||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
if (!isset($_GET["keywordsid"]) || !is_numeric($_GET["keywordsid"]) || intval($_GET["keywordsid"])<1) {
|
||||
if (!isset($_POST["keywordsid"]) || !is_numeric($_POST["keywordsid"]) || intval($_POST["keywordsid"])<1) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("unknown_id"));
|
||||
}
|
||||
$keywordsid = $_GET["keywordsid"];
|
||||
$keywordsid = $_POST["keywordsid"];
|
||||
|
||||
$keywords = $_GET["keywords"];
|
||||
$keywords = $_POST["keywords"];
|
||||
if (!$category->editKeywordList($keywordsid, $keywords)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
|
||||
}
|
||||
|
|
@ -138,10 +165,15 @@ else if ($action == "editkeywords")
|
|||
//Kategorie bearbeiten: Neue Stichwortliste löschen ----------------------------------------------------------
|
||||
else if ($action == "removekeywords") {
|
||||
|
||||
if (!isset($_GET["categoryid"]) || !is_numeric($_GET["categoryid"]) || intval($_GET["categoryid"])<1) {
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('removekeywords')) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["categoryid"]) || !is_numeric($_POST["categoryid"]) || intval($_POST["categoryid"])<1) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("unknown_keyword_category"));
|
||||
}
|
||||
$categoryid = $_GET["categoryid"];
|
||||
$categoryid = $_POST["categoryid"];
|
||||
$category = $dms->getKeywordCategory($categoryid);
|
||||
if (!is_object($category)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("unknown_keyword_category"));
|
||||
|
|
@ -152,10 +184,10 @@ else if ($action == "removekeywords") {
|
|||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
if (!isset($_GET["keywordsid"]) || !is_numeric($_GET["keywordsid"]) || intval($_GET["keywordsid"])<1) {
|
||||
if (!isset($_POST["keywordsid"]) || !is_numeric($_POST["keywordsid"]) || intval($_POST["keywordsid"])<1) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("unknown_id"));
|
||||
}
|
||||
$keywordsid = $_GET["keywordsid"];
|
||||
$keywordsid = $_POST["keywordsid"];
|
||||
|
||||
if (!$category->removeKeywordList($keywordsid)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
|
||||
|
|
|
|||
|
|
@ -32,6 +32,11 @@ if ($user->isGuest()) {
|
|||
UI::exitError(getMLText("edit_event"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('editevent')) {
|
||||
UI::exitError(getMLText("edit_event"),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["frommonth"]) || !isset($_POST["fromday"]) || !isset($_POST["fromyear"]) ) {
|
||||
UI::exitError(getMLText("edit_event"),getMLText("error_occured"));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -30,15 +30,19 @@ if (!$user->isAdmin()) {
|
|||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
if (isset($_GET["action"])) $action = $_GET["action"];
|
||||
else if (isset($_POST["action"])) $action = $_POST["action"];
|
||||
|
||||
if (isset($_POST["action"])) $action = $_POST["action"];
|
||||
else $action = null;
|
||||
|
||||
//Neue Gruppe anlegen -----------------------------------------------------------------------------
|
||||
if ($action == "addgroup") {
|
||||
|
||||
$name = $_GET["name"];
|
||||
$comment = $_GET["comment"];
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('addgroup')) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
$name = $_POST["name"];
|
||||
$comment = $_POST["comment"];
|
||||
|
||||
if (is_object($dms->getGroupByName($name))) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("group_exists"));
|
||||
|
|
@ -57,6 +61,11 @@ if ($action == "addgroup") {
|
|||
//Gruppe löschen ----------------------------------------------------------------------------------
|
||||
else if ($action == "removegroup") {
|
||||
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('removegroup')) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["groupid"]) || !is_numeric($_POST["groupid"]) || intval($_POST["groupid"])<1) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_group_id"));
|
||||
}
|
||||
|
|
@ -76,19 +85,24 @@ else if ($action == "removegroup") {
|
|||
//Gruppe bearbeiten -------------------------------------------------------------------------------
|
||||
else if ($action == "editgroup") {
|
||||
|
||||
if (!isset($_GET["groupid"]) || !is_numeric($_GET["groupid"]) || intval($_GET["groupid"])<1) {
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('editgroup')) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["groupid"]) || !is_numeric($_POST["groupid"]) || intval($_POST["groupid"])<1) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_group_id"));
|
||||
}
|
||||
|
||||
$groupid=$_GET["groupid"];
|
||||
$groupid=$_POST["groupid"];
|
||||
$group = $dms->getGroup($groupid);
|
||||
|
||||
if (!is_object($group)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_group_id"));
|
||||
}
|
||||
|
||||
$name = $_GET["name"];
|
||||
$comment = $_GET["comment"];
|
||||
$name = $_POST["name"];
|
||||
$comment = $_POST["comment"];
|
||||
|
||||
if ($group->getName() != $name)
|
||||
$group->setName($name);
|
||||
|
|
@ -101,6 +115,11 @@ else if ($action == "editgroup") {
|
|||
//Benutzer zu Gruppe hinzufügen -------------------------------------------------------------------
|
||||
else if ($action == "addmember") {
|
||||
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('addmember')) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["groupid"]) || !is_numeric($_POST["groupid"]) || intval($_POST["groupid"])<1) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_group_id"));
|
||||
}
|
||||
|
|
@ -132,22 +151,27 @@ else if ($action == "addmember") {
|
|||
//Benutzer aus Gruppe entfernen -------------------------------------------------------------------
|
||||
else if ($action == "rmmember") {
|
||||
|
||||
if (!isset($_GET["groupid"]) || !is_numeric($_GET["groupid"]) || intval($_GET["groupid"])<1) {
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('rmmember')) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["groupid"]) || !is_numeric($_POST["groupid"]) || intval($_POST["groupid"])<1) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_group_id"));
|
||||
}
|
||||
|
||||
$groupid=$_GET["groupid"];
|
||||
$groupid=$_POST["groupid"];
|
||||
$group = $dms->getGroup($groupid);
|
||||
|
||||
if (!is_object($group)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_group_id"));
|
||||
}
|
||||
|
||||
if (!isset($_GET["userid"]) || !is_numeric($_GET["userid"]) || intval($_GET["userid"])<1) {
|
||||
if (!isset($_POST["userid"]) || !is_numeric($_POST["userid"]) || intval($_POST["userid"])<1) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
|
||||
}
|
||||
|
||||
$oldMember = $dms->getUser($_GET["userid"]);
|
||||
$oldMember = $dms->getUser($_POST["userid"]);
|
||||
if (!is_object($oldMember)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
|
||||
}
|
||||
|
|
@ -160,22 +184,27 @@ else if ($action == "rmmember") {
|
|||
// toggle manager flag
|
||||
else if ($action == "tmanager") {
|
||||
|
||||
if (!isset($_GET["groupid"]) || !is_numeric($_GET["groupid"]) || intval($_GET["groupid"])<1) {
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('tmanager')) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["groupid"]) || !is_numeric($_POST["groupid"]) || intval($_POST["groupid"])<1) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_group_id"));
|
||||
}
|
||||
|
||||
$groupid=$_GET["groupid"];
|
||||
$groupid=$_POST["groupid"];
|
||||
$group = $dms->getGroup($groupid);
|
||||
|
||||
if (!is_object($group)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_group_id"));
|
||||
}
|
||||
|
||||
if (!isset($_GET["userid"]) || !is_numeric($_GET["userid"]) || intval($_GET["userid"])<1) {
|
||||
if (!isset($_POST["userid"]) || !is_numeric($_POST["userid"]) || intval($_POST["userid"])<1) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
|
||||
}
|
||||
|
||||
$usertoedit = $dms->getUser($_GET["userid"]);
|
||||
$usertoedit = $dms->getUser($_POST["userid"]);
|
||||
if (!is_object($usertoedit)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -27,6 +27,11 @@ if (!$user->isAdmin()) {
|
|||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('removearchive')) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["arkname"]) || !file_exists($settings->_contentDir.$_POST["arkname"]) ) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("unknown_id"));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -25,6 +25,11 @@ include("../inc/inc.Language.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('removedocument')) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_request_token"))),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["documentid"]) || !is_numeric($_POST["documentid"]) || intval($_POST["documentid"])<1) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -24,6 +24,11 @@ include("../inc/inc.Language.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('removedocumentfile')) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_request_token"))),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["documentid"]) || !is_numeric($_POST["documentid"]) || intval($_POST["documentid"])<1) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -23,22 +23,27 @@ include("../inc/inc.Language.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_GET["documentid"])<1) {
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('removedocumentlink')) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_request_token"))),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["documentid"]) || !is_numeric($_POST["documentid"]) || intval($_POST["documentid"])<1) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
|
||||
}
|
||||
|
||||
$documentid = $_GET["documentid"];
|
||||
$documentid = $_POST["documentid"];
|
||||
$document = $dms->getDocument($documentid);
|
||||
|
||||
if (!is_object($document)) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
|
||||
}
|
||||
|
||||
if (!isset($_GET["linkid"]) || !is_numeric($_GET["linkid"]) || intval($_GET["linkid"])<1) {
|
||||
if (!isset($_POST["linkid"]) || !is_numeric($_POST["linkid"]) || intval($_POST["linkid"])<1) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_link_id"));
|
||||
}
|
||||
|
||||
$linkid = $_GET["linkid"];
|
||||
$linkid = $_POST["linkid"];
|
||||
$link = $document->getDocumentLink($linkid);
|
||||
|
||||
if (!is_object($link)) {
|
||||
|
|
|
|||
|
|
@ -27,6 +27,11 @@ if (!$user->isAdmin()) {
|
|||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('removedump')) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["dumpname"]) || !file_exists($settings->_contentDir.$_POST["dumpname"]) ) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("unknown_id"));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -28,6 +28,11 @@ include("../inc/inc.ClassUI.php");
|
|||
include("../inc/inc.Calendar.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('removeevent')) {
|
||||
UI::exitError(getMLText("edit_event"),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["eventid"]) || !is_numeric($_POST["eventid"]) || intval($_POST["eventid"])<1) {
|
||||
UI::exitError(getMLText("edit_event"),getMLText("error_occured"));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -25,10 +25,15 @@ include("../inc/inc.Language.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if (!isset($_GET["folderid"]) || !is_numeric($_GET["folderid"]) || intval($_GET["folderid"])<1) {
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('removefolder')) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => getMLText("invalid_request_token"))),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["folderid"]) || !is_numeric($_POST["folderid"]) || intval($_POST["folderid"])<1) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => getMLText("invalid_folder_id"))),getMLText("invalid_folder_id"));
|
||||
}
|
||||
$folderid = $_GET["folderid"];
|
||||
$folderid = $_POST["folderid"];
|
||||
$folder = $dms->getFolder($folderid);
|
||||
|
||||
if (!is_object($folder)) {
|
||||
|
|
@ -71,6 +76,6 @@ if ($folder->remove()) {
|
|||
|
||||
add_log_line();
|
||||
|
||||
header("Location:../out/out.ViewFolder.php?folderid=".$parent->getID()."&showtree=".$_GET["showtree"]);
|
||||
header("Location:../out/out.ViewFolder.php?folderid=".$parent->getID()."&showtree=".$_POST["showtree"]);
|
||||
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -28,6 +28,11 @@ if (!$user->isAdmin()) {
|
|||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('removefolderfiles')) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
function removeFolderFiles($folder) {
|
||||
global $dms;
|
||||
|
||||
|
|
|
|||
|
|
@ -23,6 +23,11 @@ include("../inc/inc.Language.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('removelog')) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!$user->isAdmin()) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -97,6 +97,7 @@ if ($action == "saveSettings")
|
|||
$settings->_passwordExpiration = intval($_POST["passwordExpiration"]);
|
||||
$settings->_passwordHistory = intval($_POST["passwordHistory"]);
|
||||
$settings->_loginFailure = intval($_POST["loginFailure"]);
|
||||
$settings->_encryptionKey = strval($_POST["encryptionKey"]);
|
||||
|
||||
// TODO Connectors
|
||||
|
||||
|
|
|
|||
|
|
@ -33,12 +33,16 @@ if (!$user->isAdmin()) {
|
|||
}
|
||||
|
||||
if (isset($_POST["action"])) $action=$_POST["action"];
|
||||
else if (isset($_GET["action"])) $action=$_GET["action"];
|
||||
else $action=NULL;
|
||||
|
||||
//Neuen Benutzer anlegen --------------------------------------------------------------------------
|
||||
if ($action == "adduser") {
|
||||
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('adduser')) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
$login = $_POST["login"];
|
||||
$pwd = $_POST["pwd"];
|
||||
$pwdexpiration = $_POST["pwdexpiration"];
|
||||
|
|
@ -103,12 +107,14 @@ if ($action == "adduser") {
|
|||
//Benutzer löschen --------------------------------------------------------------------------------
|
||||
else if ($action == "removeuser") {
|
||||
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('removeuser')) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (isset($_POST["userid"])) {
|
||||
$userid = $_POST["userid"];
|
||||
}
|
||||
else if (isset($_GET["userid"])) {
|
||||
$userid = $_GET["userid"];
|
||||
}
|
||||
|
||||
if (!isset($userid) || !is_numeric($userid) || intval($userid)<1) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
|
||||
|
|
@ -139,6 +145,11 @@ else if ($action == "removeuser") {
|
|||
//Benutzer bearbeiten -----------------------------------------------------------------------------
|
||||
else if ($action == "edituser") {
|
||||
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('edituser')) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["userid"]) || !is_numeric($_POST["userid"]) || intval($_POST["userid"])<1) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -78,7 +78,8 @@ UI::contentContainerStart();
|
|||
</td>
|
||||
|
||||
<td id="categories0" style="display : none;">
|
||||
<form action="../op/op.Categories.php" >
|
||||
<form action="../op/op.Categories.php" method="post">
|
||||
<?php echo createHiddenFieldWithKey('addcategory'); ?>
|
||||
<input type="Hidden" name="action" value="addcategory">
|
||||
<?php printMLText("name");?> : <input name="name">
|
||||
<input type="Submit" value="<?php printMLText("new_document_category"); ?>">
|
||||
|
|
@ -97,7 +98,12 @@ UI::contentContainerStart();
|
|||
<?php
|
||||
if(!$category->isUsed()) {
|
||||
?>
|
||||
<a href="../op/op.Categories.php?categoryid=<?php print $category->getID();?>&action=removecategory"><img src="images/del.gif" border="0"><?php printMLText("rm_document_category");?></a>
|
||||
<form style="display: inline-block;" method="post" action="../op/op.Categories.php" >
|
||||
<?php echo createHiddenFieldWithKey('removecategory'); ?>
|
||||
<input type="Hidden" name="categoryid" value="<?php echo $category->getID()?>">
|
||||
<input type="Hidden" name="action" value="removecategory">
|
||||
<input value="<?php echo getMLText("rm_document_category")?>" type="submit">
|
||||
</form>
|
||||
<?php
|
||||
} else {
|
||||
?>
|
||||
|
|
@ -116,6 +122,7 @@ UI::contentContainerStart();
|
|||
<td><?php echo getMLText("name")?>:</td>
|
||||
<td>
|
||||
<form action="../op/op.Categories.php" >
|
||||
<?php echo createHiddenFieldWithKey('editcategory'); ?>
|
||||
<input type="Hidden" name="action" value="editcategory">
|
||||
<input type="Hidden" name="categoryid" value="<?php echo $category->getID()?>">
|
||||
<input name="name" value="<?php echo htmlspecialchars($category->getName()) ?>">
|
||||
|
|
|
|||
|
|
@ -81,7 +81,8 @@ UI::contentContainerStart();
|
|||
</td>
|
||||
|
||||
<td id="keywords0" style="display : none;">
|
||||
<form action="../op/op.DefaultKeywords.php" >
|
||||
<form action="../op/op.DefaultKeywords.php" method="post">
|
||||
<?php echo createHiddenFieldWithKey('addcategory'); ?>
|
||||
<input type="Hidden" name="action" value="addcategory">
|
||||
<?php printMLText("name");?> : <input name="name">
|
||||
<input type="Submit" value="<?php printMLText("new_default_keyword_category"); ?>">
|
||||
|
|
@ -100,7 +101,12 @@ UI::contentContainerStart();
|
|||
<table>
|
||||
<tr>
|
||||
<td colspan="2">
|
||||
<a href="../op/op.DefaultKeywords.php?categoryid=<?php print $category->getID();?>&action=removecategory"><img src="images/del.gif" border="0"><?php printMLText("rm_default_keyword_category");?></a>
|
||||
<form action="../op/op.DefaultKeywords.php" method="post">
|
||||
<?php echo createHiddenFieldWithKey('removecategory'); ?>
|
||||
<input type="Hidden" name="action" value="removecategory">
|
||||
<input type="Hidden" name="categoryid" value="<?php echo $category->getID()?>">
|
||||
<input value="<?php printMLText("rm_default_keyword_category");?>" type="submit" title="<?php echo getMLText("delete")?>">
|
||||
</form>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
|
|
@ -111,7 +117,8 @@ UI::contentContainerStart();
|
|||
<tr>
|
||||
<td><?php echo getMLText("name")?>:</td>
|
||||
<td>
|
||||
<form action="../op/op.DefaultKeywords.php" >
|
||||
<form action="../op/op.DefaultKeywords.php" method="post">
|
||||
<?php echo createHiddenFieldWithKey('editcategory'); ?>
|
||||
<input type="Hidden" name="action" value="editcategory">
|
||||
<input type="Hidden" name="categoryid" value="<?php echo $category->getID()?>">
|
||||
<input name="name" value="<?php echo htmlspecialchars($category->getName()) ?>">
|
||||
|
|
@ -135,20 +142,29 @@ UI::contentContainerStart();
|
|||
else
|
||||
foreach ($lists as $list) {
|
||||
?>
|
||||
<form action="../op/op.DefaultKeywords.php" >
|
||||
<form style="display: inline-block;" method="post" action="../op/op.DefaultKeywords.php" >
|
||||
<?php echo createHiddenFieldWithKey('editkeywords'); ?>
|
||||
<input type="Hidden" name="categoryid" value="<?php echo $category->getID()?>">
|
||||
<input type="Hidden" name="keywordsid" value="<?php echo $list["id"]?>">
|
||||
<input type="Hidden" name="action" value="editkeywords">
|
||||
<input name="keywords" value="<?php echo htmlspecialchars($list["keywords"]) ?>">
|
||||
<input name="action" value="editkeywords" type="Image" src="images/save.gif" title="<?php echo getMLText("save")?>">
|
||||
<input name="action" value="editkeywords" type="Image" src="images/save.gif" title="<?php echo getMLText("save")?>" style="border: 0px;">
|
||||
<!-- <input name="action" value="removekeywords" type="Image" src="images/del.gif" title="<?php echo getMLText("delete")?>" border="0"> -->
|
||||
<a href="../op/op.DefaultKeywords.php?categoryid=<?php echo $category->getID()?>&keywordsid=<?php echo $list["id"]?>&action=removekeywords"><img src="images/del.gif" title="<?php echo getMLText("delete")?>" border="0"></a>
|
||||
</form><br>
|
||||
</form>
|
||||
<form style="display: inline-block;" method="post" action="../op/op.DefaultKeywords.php" >
|
||||
<?php echo createHiddenFieldWithKey('removekeywords'); ?>
|
||||
<input type="Hidden" name="categoryid" value="<?php echo $category->getID()?>">
|
||||
<input type="Hidden" name="keywordsid" value="<?php echo $list["id"]?>">
|
||||
<input type="Hidden" name="action" value="removekeywords">
|
||||
<input name="action" value="removekeywords" type="Image" src="images/del.gif" title="<?php echo getMLText("delete")?>" style="border: 0px;">
|
||||
</form>
|
||||
<br>
|
||||
<?php } ?>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<form action="../op/op.DefaultKeywords.php" >
|
||||
<form action="../op/op.DefaultKeywords.php" method="post">
|
||||
<?php echo createHiddenFieldWithKey('newkeywords'); ?>
|
||||
<td><input type="Submit" value="<?php printMLText("new_default_keywords");?>"></td>
|
||||
<td>
|
||||
<input type="Hidden" name="action" value="newkeywords">
|
||||
|
|
|
|||
|
|
@ -76,7 +76,7 @@ function checkForm()
|
|||
</script>
|
||||
|
||||
<?php
|
||||
$allUsers = $dms->getAllUsers();
|
||||
$allUsers = $dms->getAllUsers($settings->_sortUsersInList);
|
||||
|
||||
UI::contentHeading(getMLText("edit_document_access"));
|
||||
UI::contentContainerStart();
|
||||
|
|
@ -97,7 +97,7 @@ if ($user->isAdmin()) {
|
|||
print "<option value=\"".$currUser->getID()."\"";
|
||||
if ($currUser->getID() == $owner->getID())
|
||||
print " selected";
|
||||
print ">" . htmlspecialchars($currUser->getFullname()) . "</option>\n";
|
||||
print ">" . htmlspecialchars($currUser->getLogin() . " - " . $currUser->getFullname()) . "</option>\n";
|
||||
}
|
||||
?>
|
||||
</select>
|
||||
|
|
@ -200,7 +200,7 @@ foreach ($allUsers as $userObj) {
|
|||
if ($userObj->isGuest() || in_array($userObj->getID(), $memusers)) {
|
||||
continue;
|
||||
}
|
||||
print "<option value=\"".$userObj->getID()."\">" . htmlspecialchars($userObj->getFullName()) . "</option>\n";
|
||||
print "<option value=\"".$userObj->getID()."\">" . htmlspecialchars($currUser->getLogin() . " - " . $userObj->getFullName()) . "</option>\n";
|
||||
}
|
||||
?>
|
||||
</select>
|
||||
|
|
|
|||
|
|
@ -116,10 +116,10 @@ print "</table>\n";
|
|||
<option value="-1"><?php printMLText("select_one");?>
|
||||
<?php
|
||||
if ($user->isAdmin()) {
|
||||
$allUsers = $dms->getAllUsers();
|
||||
$allUsers = $dms->getAllUsers($settings->_sortUsersInList);
|
||||
foreach ($allUsers as $userObj) {
|
||||
if (!$userObj->isGuest() && ($document->getAccessMode($userObj) >= M_READ) && !in_array($userObj->getID(), $userNotifyIDs))
|
||||
print "<option value=\"".$userObj->getID()."\">" . $userObj->getFullName() . "\n";
|
||||
print "<option value=\"".$userObj->getID()."\">" . htmlspecialchars($userObj->getLogin() . " - " . $userObj->getFullName()) . "\n";
|
||||
}
|
||||
}
|
||||
elseif (!$user->isGuest() && !in_array($user->getID(), $userNotifyIDs)) {
|
||||
|
|
|
|||
|
|
@ -70,6 +70,7 @@ function checkForm()
|
|||
</script>
|
||||
|
||||
<form action="../op/op.EditEvent.php" name="form1" onsubmit="return checkForm();" method="POST">
|
||||
<?php echo createHiddenFieldWithKey('editevent'); ?>
|
||||
|
||||
<input type="Hidden" name="eventid" value="<?php echo (int) $_GET["id"]; ?>">
|
||||
|
||||
|
|
|
|||
|
|
@ -115,7 +115,7 @@ print "</table>\n";
|
|||
<option value="-1"><?php printMLText("select_one");?>
|
||||
<?php
|
||||
if ($user->isAdmin()) {
|
||||
$allUsers = $dms->getAllUsers();
|
||||
$allUsers = $dms->getAllUsers($settings->_sortUsersInList);
|
||||
foreach ($allUsers as $userObj) {
|
||||
if (!$userObj->isGuest() && ($folder->getAccessMode($userObj) >= M_READ) && !in_array($userObj->getID(), $userNotifyIDs))
|
||||
print "<option value=\"".$userObj->getID()."\">" . htmlspecialchars($userObj->getFullName()) . "\n";
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ if (!$user->isAdmin()) {
|
|||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
$allUsers = $dms->getAllUsers();
|
||||
$allUsers = $dms->getAllUsers($settings->_sortUsersInList);
|
||||
|
||||
if (is_bool($allUsers)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("internal_error"));
|
||||
|
|
@ -126,7 +126,8 @@ UI::contentContainerStart();
|
|||
|
||||
<td id="keywords0" style="display : none;">
|
||||
|
||||
<form action="../op/op.GroupMgr.php" name="form0_1" onsubmit="return checkForm1('0');">
|
||||
<form action="../op/op.GroupMgr.php" name="form0_1" method="post" onsubmit="return checkForm1('0');">
|
||||
<?php echo createHiddenFieldWithKey('addgroup'); ?>
|
||||
<input type="Hidden" name="action" value="addgroup">
|
||||
<table>
|
||||
<tr>
|
||||
|
|
@ -161,7 +162,8 @@ UI::contentContainerStart();
|
|||
<?php UI::contentSubHeading(getMLText("edit_group"));?>
|
||||
|
||||
|
||||
<form action="../op/op.GroupMgr.php" name="form<?php print $group->getID();?>_1" onsubmit="return checkForm1('<?php print $group->getID();?>');">
|
||||
<form action="../op/op.GroupMgr.php" name="form<?php print $group->getID();?>_1" method="post" onsubmit="return checkForm1('<?php print $group->getID();?>');">
|
||||
<?php echo createHiddenFieldWithKey('editgroup'); ?>
|
||||
<input type="Hidden" name="groupid" value="<?php print $group->getID();?>">
|
||||
<input type="Hidden" name="action" value="editgroup">
|
||||
<table>
|
||||
|
|
@ -195,8 +197,8 @@ UI::contentContainerStart();
|
|||
print "<td>" . htmlspecialchars($member->getFullName()) . "</td>";
|
||||
print "<td>" . ($group->isMember($member,true)?getMLText("manager"):" ") . "</td>";
|
||||
print "<td align=\"right\"><ul class=\"actions\">";
|
||||
print "<li><a href=\"../op/op.GroupMgr.php?groupid=". $group->getID() . "&userid=".$member->getID()."&action=rmmember\">".getMLText("delete")."</a>";
|
||||
print "<li><a href=\"../op/op.GroupMgr.php?groupid=". $group->getID() . "&userid=".$member->getID()."&action=tmanager\">".getMLText("toggle_manager")."</a>";
|
||||
print "<li><form action=\"../op/op.GroupMgr.php\" method=\"post\"><input type=\"hidden\" name=\"action\" value=\"rmmember\" /><input type=\"hidden\" name=\"groupid\" value=\"".$group->getID()."\" /><input type=\"hidden\" name=\"userid\" value=\"".$member->getID()."\" />".createHiddenFieldWithKey('rmmember')."<input type=\"submit\" value=\"".getMLText("delete")."\" /></form>";
|
||||
print "<li><form action=\"../op/op.GroupMgr.php\" method=\"post\"><input type=\"hidden\" name=\"groupid\" value=\"".$group->getID()."\" /><input type=\"hidden\" name=\"action\" value=\"tmanager\" /><input type=\"hidden\" name=\"userid\" value=\"".$member->getID()."\" />".createHiddenFieldWithKey('tmanager')."<input type=\"submit\" value=\"".getMLText("toggle_manager")."\" /></form>";
|
||||
print "</td></tr>";
|
||||
}
|
||||
}
|
||||
|
|
@ -210,7 +212,8 @@ UI::contentContainerStart();
|
|||
|
||||
?>
|
||||
|
||||
<form action="../op/op.GroupMgr.php" method=POST name="form<?php print $group->getID();?>_2" onsubmit="return checkForm2('<?php print $group->getID();?>');">
|
||||
<form action="../op/op.GroupMgr.php" method="POST" name="form<?php print $group->getID();?>_2" onsubmit="return checkForm2('<?php print $group->getID();?>');">
|
||||
<?php echo createHiddenFieldWithKey('addmember'); ?>
|
||||
<input type="Hidden" name="action" value="addmember">
|
||||
<input type="Hidden" name="groupid" value="<?php print $group->getID();?>">
|
||||
<table width="100%">
|
||||
|
|
|
|||
|
|
@ -41,6 +41,7 @@ UI::contentContainerStart();
|
|||
?>
|
||||
<form action="../op/op.RemoveArchive.php" name="form1" method="POST">
|
||||
<input type="Hidden" name="arkname" value="<?php echo sanitizeString($arkname); ?>">
|
||||
<?php echo createHiddenFieldWithKey('removearchive'); ?>
|
||||
<p><?php printMLText("confirm_rm_backup", array ("arkname" => sanitizeString($arkname)));?></p>
|
||||
<input type="Submit" value="<?php printMLText("backup_remove");?>">
|
||||
</form>
|
||||
|
|
|
|||
|
|
@ -51,6 +51,7 @@ UI::contentContainerStart();
|
|||
?>
|
||||
<form action="../op/op.RemoveDocument.php" name="form1" method="POST">
|
||||
<input type="Hidden" name="documentid" value="<?php print $documentid;?>">
|
||||
<?php echo createHiddenFieldWithKey('removedocument'); ?>
|
||||
<p>
|
||||
<?php printMLText("confirm_rm_document", array ("documentname" => htmlspecialchars($document->getName())));?>
|
||||
</p>
|
||||
|
|
|
|||
|
|
@ -61,6 +61,7 @@ UI::contentContainerStart();
|
|||
|
||||
?>
|
||||
<form action="../op/op.RemoveDocumentFile.php" name="form1" method="POST">
|
||||
<?php echo createHiddenFieldWithKey('removedocumentfile'); ?>
|
||||
<input type="Hidden" name="documentid" value="<?php echo $documentid?>">
|
||||
<input type="Hidden" name="fileid" value="<?php echo $fileid?>">
|
||||
<p><?php printMLText("confirm_rm_file", array ("documentname" => $document->getName(), "name" => htmlspecialchars($file->getName())));?></p>
|
||||
|
|
|
|||
|
|
@ -41,6 +41,7 @@ UI::contentContainerStart();
|
|||
?>
|
||||
<form action="../op/op.RemoveDump.php" name="form1" method="POST">
|
||||
<input type="Hidden" name="dumpname" value="<?php echo sanitizeString($dumpname); ?>">
|
||||
<?php echo createHiddenFieldWithKey('removedump'); ?>
|
||||
<p><?php printMLText("confirm_rm_dump", array ("dumpname" => sanitizeString($dumpname)));?></p>
|
||||
<input type="Submit" value="<?php printMLText("dump_remove");?>">
|
||||
</form>
|
||||
|
|
|
|||
|
|
@ -45,6 +45,7 @@ UI::contentContainerStart();
|
|||
|
||||
?>
|
||||
<form action="../op/op.RemoveEvent.php" name="form1" method="POST">
|
||||
<?php echo createHiddenFieldWithKey('removeevent'); ?>
|
||||
<input type="Hidden" name="eventid" value="<?php echo intval($_GET["id"]); ?>">
|
||||
<p><?php printMLText("confirm_rm_event", array ("name" => htmlspecialchars($event["name"])));?></p>
|
||||
<input type="Submit" value="<?php printMLText("delete");?>">
|
||||
|
|
|
|||
|
|
@ -52,9 +52,10 @@ UI::contentHeading(getMLText("rm_folder"));
|
|||
UI::contentContainerStart();
|
||||
|
||||
?>
|
||||
<form action="../op/op.RemoveFolder.php" name="form1">
|
||||
<form action="../op/op.RemoveFolder.php" method="post" name="form1">
|
||||
<input type="Hidden" name="folderid" value="<?php print $folderid;?>">
|
||||
<input type="Hidden" name="showtree" value="<?php echo showtree();?>">
|
||||
<?php echo createHiddenFieldWithKey('removefolder'); ?>
|
||||
<p>
|
||||
<?php printMLText("confirm_rm_folder", array ("foldername" => htmlspecialchars($folder->getName())));?>
|
||||
</p>
|
||||
|
|
|
|||
|
|
@ -46,6 +46,7 @@ UI::contentContainerStart();
|
|||
|
||||
?>
|
||||
<form action="../op/op.RemoveFolderFiles.php" name="form1" method="POST">
|
||||
<?php echo createHiddenFieldWithKey('removefolderfiles'); ?>
|
||||
<input type="Hidden" name="folderid" value="<?php echo $folderid?>">
|
||||
<p><?php printMLText("confirm_rm_folder_files", array ("foldername" => htmlspecialchars($folder->getName())));?></p>
|
||||
<input type="Submit" value="<?php printMLText("accept");?>">
|
||||
|
|
|
|||
|
|
@ -48,6 +48,7 @@ UI::contentContainerStart();
|
|||
<form action="../op/op.GroupMgr.php" name="form1" method="POST">
|
||||
<input type="Hidden" name="groupid" value="<?php print $groupid;?>">
|
||||
<input type="Hidden" name="action" value="removegroup">
|
||||
<?php echo createHiddenFieldWithKey('removegroup'); ?>
|
||||
<p>
|
||||
<?php printMLText("confirm_rm_group", array ("groupname" => htmlspecialchars($currGroup->getName())));?>
|
||||
</p>
|
||||
|
|
|
|||
|
|
@ -40,6 +40,7 @@ UI::contentContainerStart();
|
|||
|
||||
?>
|
||||
<form action="../op/op.RemoveLog.php" name="form1" method="POST">
|
||||
<?php echo createHiddenFieldWithKey('removelog'); ?>
|
||||
<input type="Hidden" name="logname" value="<?php echo $logname?>">
|
||||
<p><?php printMLText("confirm_rm_log", array ("logname" => $logname));?></p>
|
||||
<input type="Submit" value="<?php printMLText("rm_file");?>">
|
||||
|
|
|
|||
|
|
@ -53,6 +53,7 @@ UI::contentContainerStart();
|
|||
<form action="../op/op.UsrMgr.php" name="form1" method="POST">
|
||||
<input type="Hidden" name="userid" value="<?php print $userid;?>">
|
||||
<input type="Hidden" name="action" value="removeuser">
|
||||
<?php echo createHiddenFieldWithKey('removeuser'); ?>
|
||||
<p>
|
||||
<?php printMLText("confirm_rm_user", array ("username" => htmlspecialchars($currUser->getFullName())));?>
|
||||
</p>
|
||||
|
|
@ -61,7 +62,7 @@ UI::contentContainerStart();
|
|||
<?php printMLText("assign_user_property_to"); ?> :
|
||||
<select name="assignTo">
|
||||
<?php
|
||||
$users = $dms->getAllUsers();
|
||||
$users = $dms->getAllUsers($settings->_sortUsersInList);
|
||||
foreach ($users as $currUser) {
|
||||
if ($currUser->isGuest() || ($currUser->getID() == $userid) )
|
||||
continue;
|
||||
|
|
|
|||
|
|
@ -139,12 +139,12 @@ foreach ($allCats as $catObj) {
|
|||
<select name="ownerid">
|
||||
<option value="-1"><?php printMLText("all_users");?>
|
||||
<?php
|
||||
$allUsers = $dms->getAllUsers();
|
||||
$allUsers = $dms->getAllUsers($settings->_sortUsersInList);
|
||||
foreach ($allUsers as $userObj)
|
||||
{
|
||||
if ($userObj->isGuest())
|
||||
continue;
|
||||
print "<option value=\"".$userObj->getID()."\">" . htmlspecialchars($userObj->getFullName()) . "\n";
|
||||
print "<option value=\"".$userObj->getID()."\">" . htmlspecialchars($userObj->getLogin()." - ".$userObj->getFullName()) . "\n";
|
||||
}
|
||||
?>
|
||||
</select>
|
||||
|
|
@ -232,12 +232,12 @@ foreach ($allCats as $catObj) {
|
|||
<select name="ownerid">
|
||||
<option value="-1"><?php printMLText("all_users");?>
|
||||
<?php
|
||||
$allUsers = $dms->getAllUsers();
|
||||
$allUsers = $dms->getAllUsers($settings->_sortUsersInList);
|
||||
foreach ($allUsers as $userObj)
|
||||
{
|
||||
if ($userObj->isGuest())
|
||||
continue;
|
||||
print "<option value=\"".$userObj->getID()."\">" . htmlspecialchars($userObj->getFullName()) . "\n";
|
||||
print "<option value=\"".$userObj->getID()."\">" . htmlspecialchars($userObj->getLogin()." - ".$userObj->getFullName()) . "\n";
|
||||
}
|
||||
?>
|
||||
</select>
|
||||
|
|
|
|||
|
|
@ -26,6 +26,10 @@ if (!$user->isAdmin()) {
|
|||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
/* Set an encryption key if is not set */
|
||||
if(!trim($settings->_encryptionKey))
|
||||
$settings->_encryptionKey = md5(uniqid());
|
||||
|
||||
UI::htmlStartPage(getMLText("admin_tools"));
|
||||
UI::globalNavigation();
|
||||
UI::pageNavigation(getMLText("admin_tools"), "admin_tools");
|
||||
|
|
@ -306,6 +310,10 @@ if(!is_writeable($settings->_configFilePath)) {
|
|||
<td><?php printMLText("settings_loginFailure");?>:</td>
|
||||
<td><input name="loginFailure" value="<?php echo $settings->_loginFailure; ?>" size="2" /></td>
|
||||
</tr>
|
||||
<tr title="<?php printMLText("settings_encryptionKey_desc");?>">
|
||||
<td><?php printMLText("settings_encryptionKey");?>:</td>
|
||||
<td><input name="encryptionKey" value="<?php echo $settings->_encryptionKey; ?>" size="32" /></td>
|
||||
</tr>
|
||||
|
||||
<!-- TODO Connectors -->
|
||||
|
||||
|
|
|
|||
|
|
@ -32,9 +32,8 @@ UI::pageNavigation(getMLText("admin_tools"), "admin_tools");
|
|||
UI::contentHeading(getMLText("user_list"));
|
||||
UI::contentContainerStart();
|
||||
|
||||
$users = getAllUsers();
|
||||
for ($i = 0; $i < count($users); $i++) {
|
||||
$currUser = $users[$i];
|
||||
$users = $dms->getAllUsers($settings->_sortUsersInList);
|
||||
foreach ($users as $currUser) {
|
||||
if ($currUser->isGuest())
|
||||
continue;
|
||||
|
||||
|
|
|
|||
|
|
@ -118,6 +118,7 @@ UI::contentContainerStart();
|
|||
<td id="keywords0" style="display : none;">
|
||||
|
||||
<form action="../op/op.UsrMgr.php" method="post" enctype="multipart/form-data" name="form0" onsubmit="return checkForm('0');">
|
||||
<?php echo createHiddenFieldWithKey('adduser'); ?>
|
||||
<input type="Hidden" name="action" value="adduser">
|
||||
<table>
|
||||
<tr>
|
||||
|
|
@ -256,6 +257,7 @@ UI::contentContainerStart();
|
|||
<?php UI::contentSubHeading(getMLText("edit_user"));?>
|
||||
|
||||
<form action="../op/op.UsrMgr.php" method="post" enctype="multipart/form-data" name="form<?php print $currUser->getID();?>" onsubmit="return checkForm('<?php print $currUser->getID();?>');">
|
||||
<?php echo createHiddenFieldWithKey('edituser'); ?>
|
||||
<input type="Hidden" name="userid" value="<?php print $currUser->getID();?>">
|
||||
<input type="Hidden" name="action" value="edituser">
|
||||
<table>
|
||||
|
|
|
|||
|
|
@ -418,7 +418,7 @@ if (count($files) > 0) {
|
|||
|
||||
print "<td><span class=\"actions\">";
|
||||
if (($document->getAccessMode($user) == M_ALL)||($file->getUserID()==$user->getID()))
|
||||
print "<a href=\"../out/out.RemoveDocumentFile.php?documentid=".$documentid."&fileid=".$file->getID()."\">".getMLText("delete")."</a>";
|
||||
print "<form action=\"../out/out.RemoveDocumentFile.php\" method=\"get\"><input type=\"hidden\" name=\"documentid\" value=\"".$documentid."\" /><input type=\"hidden\" name=\"fileid\" value=\"".$file->getID()."\" /><input type=\"submit\" value=\"".getMLText("delete")."\" /></form>";
|
||||
print "</span></td>";
|
||||
|
||||
print "</tr>";
|
||||
|
|
@ -463,7 +463,7 @@ if (count($links) > 0) {
|
|||
print "</td>";
|
||||
print "<td><span class=\"actions\">";
|
||||
if (($user->getID() == $responsibleUser->getID()) || ($document->getAccessMode($user) == M_ALL ))
|
||||
print "<a href=\"../op/op.RemoveDocumentLink.php?documentid=".$documentid."&linkid=".$link->getID()."\">".getMLText("delete")."</a>";
|
||||
print "<form action=\"../op/op.RemoveDocumentLink.php\" method=\"post\">".createHiddenFieldWithKey('removedocumentlink')."<input type=\"hidden\" name=\"documentid\" value=\"".$documentid."\" /><input type=\"hidden\" name=\"linkid\" value=\"".$link->getID()."\" /><input type=\"submit\" value=\"".getMLText("delete")."\" /></form>";
|
||||
print "</span></td>";
|
||||
print "</tr>";
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user