mirror of
https://git.code.sf.net/p/seeddms/code
synced 2024-11-26 15:32:13 +00:00
- took over changeѕ from stable release 2.0.2
This commit is contained in:
steinm
parent
01648e3d7a
commit
73f4e23933
|
|
@ -35,6 +35,10 @@ include("../inc/inc.ClassUI.php");
|
|||
include("../inc/inc.Calendar.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if ($user->getID($user) == $settings->_guestID) {
|
||||
UI::exitError(getMLText("edit_event"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["frommonth"]) || !isset($_POST["fromday"]) || !isset($_POST["fromyear"]) ) {
|
||||
UI::exitError(getMLText("add_event"),getMLText("error_occured"));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -135,7 +135,6 @@ function createFolderTar($folder,$ark)
|
|||
|
||||
// create an archive containing the files with original names and DMS path
|
||||
// thanks to Doudoux
|
||||
|
||||
$latestContent = $document->getLatestContent();
|
||||
if (is_object($latestContent))
|
||||
{
|
||||
|
|
@ -146,11 +145,9 @@ function createFolderTar($folder,$ark)
|
|||
|
||||
TarWriteContents($ark, $settings->_contentDir.$latestContent->getDir().$latestContent->getVersion().$latestContent->getFileType());
|
||||
}
|
||||
|
||||
}else{
|
||||
|
||||
// create a server backup archive
|
||||
|
||||
$handle = opendir($settings->_contentDir.$document->getDir());
|
||||
while ($entry = readdir($handle) )
|
||||
{
|
||||
|
|
@ -159,7 +156,6 @@ function createFolderTar($folder,$ark)
|
|||
TarAddHeader($ark,$settings->_contentDir.$document->getDir().$entry,$document->getDir().$entry);
|
||||
TarWriteContents($ark,$settings->_contentDir.$document->getDir().$entry);
|
||||
}
|
||||
|
||||
}
|
||||
closedir($handle);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -35,6 +35,10 @@ include("../inc/inc.ClassUI.php");
|
|||
include("../inc/inc.Calendar.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if ($user->getID($user) == $settings->_guestID) {
|
||||
UI::exitError(getMLText("edit_event"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["frommonth"]) || !isset($_POST["fromday"]) || !isset($_POST["fromyear"]) ) {
|
||||
UI::exitError(getMLText("edit_event"),getMLText("error_occured"));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -30,6 +30,14 @@ include("../inc/inc.FileUtils.php");
|
|||
include("../inc/inc.Language.php");
|
||||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if ($user->getID($user) == $settings->_guestID) {
|
||||
UI::exitError(getMLText("edit_user_details"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
if (($user->getID($user) != $settings->_adminID) && ($settings->_disableSelfEdit)) {
|
||||
UI::exitError(getMLText("edit_user_details"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
$fullname = sanitizeString($_POST["fullname"]);
|
||||
$email = sanitizeString($_POST["email"]);
|
||||
|
|
|
|||
|
|
@ -199,6 +199,15 @@ if (is_bool($user)) {
|
|||
"</p>\n<p><a href='".$settings->_httpRoot."op/op.Logout.php'>".getMLText("back")."</a></p>\n");
|
||||
exit;
|
||||
}
|
||||
|
||||
// control admin IP address if required
|
||||
// TODO: extend control to LDAP autentication
|
||||
if (($resArr["id"] == $settings->_adminID) && ($_SERVER['REMOTE_ADDR'] != $settings->_adminIP ) && ( $settings->_adminIP != "") ){
|
||||
_printMessage(getMLText("login_error_title"), "<p>".getMLText("invalid_user_id").
|
||||
"</p>\n<p><a href='".$settings->_httpRoot."op/op.Logout.php'>".getMLText("back")."</a></p>\n");
|
||||
exit;
|
||||
}
|
||||
|
||||
$userid = $resArr["id"];
|
||||
$user = getUser($userid);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@ $dms_session = sanitizeString($dms_session);
|
|||
|
||||
$queryStr = "DELETE FROM tblSessions WHERE id = '$dms_session'";
|
||||
if (!$db->getResult($queryStr))
|
||||
die ("Error while removing session from tblSessions: " . $db->getErrorMsg());
|
||||
UI::exitError(getMLText("logout"),$db->getErrorMsg());
|
||||
|
||||
//Delete Cookie
|
||||
setcookie("mydms_session", $_COOKIE["mydms_session"], time()-3600, $settings->_httpRoot);
|
||||
|
|
|
|||
|
|
@ -31,6 +31,10 @@ include("../inc/inc.ClassUI.php");
|
|||
include("../inc/inc.ClassEmail.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if ($user->getID($user) == $settings->_guestID) {
|
||||
UI::exitError(getMLText("my_account"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
function add_folder_notify($folder,$userid,$recursefolder,$recursedoc)
|
||||
{
|
||||
$folder->addNotify($userid, true);
|
||||
|
|
|
|||
|
|
@ -68,7 +68,7 @@ else {
|
|||
}
|
||||
}
|
||||
|
||||
add_log_line("?documentid=".$documentid."&version".$version);
|
||||
add_log_line("?documentid=".$documentid."&version".$version_num);
|
||||
|
||||
header("Location:../out/out.ViewDocument.php?documentid=".$documentid);
|
||||
|
||||
|
|
|
|||
|
|
@ -32,6 +32,10 @@ include("../inc/inc.Language.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if ($user->getID($user) == $settings->_guestID) {
|
||||
UI::exitError(getMLText("edit_default_keywords"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
if (isset($_POST["action"])) {
|
||||
$action = sanitizeString($_POST["action"]);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -112,7 +112,7 @@ else if ($action == "removeuser") {
|
|||
$userid = $_GET["userid"];
|
||||
}
|
||||
|
||||
if ($userid==$settings->_adminID) {
|
||||
if (($userid==$settings->_adminID)||($userid==$settings->_guestID)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("cannot_delete_admin"));
|
||||
}
|
||||
if (!isset($userid) || !is_numeric($userid) || intval($userid)<1) {
|
||||
|
|
@ -124,7 +124,7 @@ else if ($action == "removeuser") {
|
|||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
|
||||
}
|
||||
|
||||
if (!$userToRemove->remove()) {
|
||||
if (!$userToRemove->remove($_POST["assignTo"])) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user