mirror of
https://git.code.sf.net/p/seeddms/code
synced 2025-02-06 07:04:57 +00:00
Merge branch 'seeddms-5.1.x' into seeddms-6.0.x
commit
7a1836d33a
|
@ -230,6 +230,7 @@
|
|||
- extensions cannot be disabled/enabled if configuration file is not writeable
|
||||
- prevent cross site scripting in views/bootstrap/class.DefaultKeywords.php
|
||||
- fix possible DoS in op/op.RemoveLog.php
|
||||
- show only calendar events of logged in user
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
Changes in version 5.1.24
|
||||
|
|
|
@ -42,6 +42,9 @@ class SeedDMS_Calendar {
|
|||
$date = mktime(12,0,0, $month, $day, $year);
|
||||
|
||||
$queryStr = "SELECT * FROM `tblEvents` WHERE `start` <= " . $date . " AND `stop` >= " . $date;
|
||||
if(!$this->user->isAdmin()) {
|
||||
$queryStr .= " AND `userID`=".$this->user->getID();
|
||||
}
|
||||
$ret = $this->db->getResultArray($queryStr);
|
||||
return $ret;
|
||||
} /* }}} */
|
||||
|
@ -50,6 +53,9 @@ class SeedDMS_Calendar {
|
|||
$queryStr = "SELECT * FROM `tblEvents` WHERE ( `start` <= " . (int) $start . " AND `stop` >= " . (int) $start . " ) ".
|
||||
"OR ( `start` <= " . (int) $stop . " AND `stop` >= " . (int) $stop . " ) ".
|
||||
"OR ( `start` >= " . (int) $start . " AND `stop` <= " . (int) $stop . " )";
|
||||
if(!$this->user->isAdmin()) {
|
||||
$queryStr .= " AND `userID`=".$this->user->getID();
|
||||
}
|
||||
$ret = $this->db->getResultArray($queryStr);
|
||||
return $ret;
|
||||
} /* }}} */
|
||||
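Review bot: In the second hunk the appended `userID` condition binds only to the last of the three OR-ed range conditions, because AND has higher precedence than OR in SQL, so a non-admin can still receive other users' events that overlap `$start` or `$stop`. Open one extra `(` directly after `WHERE` and close it after the third range condition, so the filter is appended to a single parenthesised expression. The first hunk is not affected, since its WHERE clause contains only AND terms. Writing `(int) $this->user->getID()` in both hunks would also match the `(int)` casts already used for `$start` and `$stop`. Both method bodies start outside the hunks shown.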
|
|
|
@ -39,9 +39,19 @@ if ($user->isGuest()) {
|
|||
UI::exitError(getMLText("edit_event"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
if (isset($_GET["day"])) $day=(int) $_GET["day"];
|
||||
else $day = '';
|
||||
if (isset($_GET["year"])) $year=(int) $_GET["year"];
|
||||
else $year = '';
|
||||
if (isset($_GET["month"])) $month=(int) $_GET["month"];
|
||||
else $month = '';
|
||||
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
|
||||
if($view) {
|
||||
$view->setParam('day', $day);
|
||||
$view->setParam('year', $year);
|
||||
$view->setParam('month', $month);
|
||||
$view->setParam('accessobject', $accessop);
|
||||
$view->setParam('strictformcheck', $settings->_strictFormCheck);
|
||||
$view($_GET);
|
||||
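Review bot: The `(int)` casts make `day`, `year` and `month` safe to print, but nothing checks that the three numbers form a real date, so a request with `month=13` or a negative day is passed on to the view. There, a later section of this commit formats the values with `sprintf()` into `$expdate`. A guard after the three assignments would fall back to the empty default: `if ($day === '' || $month === '' || $year === '' || !checkdate($month, $day, $year)) $day = $month = $year = '';`.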
|
|
|
@ -40,6 +40,12 @@ if (isset($_GET["start"])) $start=$_GET["start"];
|
|||
else $start = '';
|
||||
if (isset($_GET["end"])) $end=$_GET["end"];
|
||||
else $end = '';
|
||||
if (isset($_GET["day"])) $day=$_GET["day"];
|
||||
else $day = '';
|
||||
if (isset($_GET["year"])) $year=$_GET["year"];
|
||||
else $year = '';
|
||||
if (isset($_GET["month"])) $month=$_GET["month"];
|
||||
else $month = '';
|
||||
|
||||
if(isset($_GET['documentid']) && $_GET['documentid'] && is_numeric($_GET['documentid'])) {
|
||||
$document = $dms->getDocument($_GET["documentid"]);
|
||||
|
@ -72,6 +78,9 @@ if($view) {
|
|||
$view->setParam('calendar', $calendar);
|
||||
$view->setParam('start', $start);
|
||||
$view->setParam('end', $end);
|
||||
$view->setParam('day', $day);
|
||||
$view->setParam('year', $year);
|
||||
$view->setParam('month', $month);
|
||||
$view->setParam('document', $document);
|
||||
$view->setParam('version', $content);
|
||||
$view->setParam('event', $event);
|
||||
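Review bot: `day`, `year` and `month` are copied from `$_GET` without the `(int)` cast that the preceding controller section of this commit applies to the same three parameters, so here they can be arbitrary strings or arrays. The calendar view section later passes them to `http_build_query()` and prints the result inside a JavaScript string literal, which stays safe only because of that function's percent-encoding. Casting at the point of entry keeps both controllers consistent: `if (isset($_GET["day"])) $day=(int) $_GET["day"];`, and likewise for `year` and `month`.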
|
|
|
@ -55,6 +55,9 @@ $(document).ready(function() {
|
|||
} /* }}} */
|
||||
|
||||
function show() { /* {{{ */
|
||||
$day = $this->params['day'];
|
||||
$year = $this->params['year'];
|
||||
$month = $this->params['month'];
|
||||
|
||||
$this->htmlAddHeader('<script type="text/javascript" src="../views/'.$this->theme.'/vendors/jquery-validation/jquery.validate.js"></script>'."\n", 'js');
|
||||
$this->htmlAddHeader('<script type="text/javascript" src="../views/'.$this->theme.'/styles/validation-default.js"></script>'."\n", 'js');
|
||||
|
@ -66,7 +69,10 @@ $(document).ready(function() {
|
|||
|
||||
$this->contentHeading(getMLText("add_event"));
|
||||
|
||||
$expdate = getReadableDate();
|
||||
if($day && $year && $month)
|
||||
$expdate = sprintf('%04d-%02d-%02d', $year, $month, $day);
|
||||
else
|
||||
$expdate = getReadableDate();
|
||||
?>
|
||||
|
||||
<form class="form-horizontal" action="../op/op.AddEvent.php" id="form1" name="form1" method="post">
|
||||
|
|
|
@ -93,6 +93,15 @@ class SeedDMS_View_Calendar extends SeedDMS_Theme_Style {
|
|||
'required'=>$strictformcheck
|
||||
)
|
||||
);
|
||||
if($euser = $dms->getUser($event['userID'])) {
|
||||
$this->formField(
|
||||
getMLText("user"),
|
||||
array(
|
||||
'element'=>'plain',
|
||||
'value'=>htmlspecialchars($euser->getFullName())
|
||||
)
|
||||
);
|
||||
}
|
||||
$this->contentContainerEnd();
|
||||
$this->formSubmit("<i class=\"fa fa-save\"></i> ".getMLText('save'));
|
||||
?>
|
||||
|
@ -186,10 +195,13 @@ class SeedDMS_View_Calendar extends SeedDMS_Theme_Style {
|
|||
$color = '#20a820';
|
||||
break;
|
||||
case 'add_file':
|
||||
$color = '#a82020';
|
||||
$color = '#c3bf00';
|
||||
break;
|
||||
case 'status_change':
|
||||
$color = '#a8a8a8';
|
||||
if($item['status'] == S_RELEASED)
|
||||
$color = '#129a02';
|
||||
else
|
||||
$color = '#a8a8a8';
|
||||
break;
|
||||
default:
|
||||
$color = '#20a8a8';
|
||||
|
@ -197,7 +209,7 @@ class SeedDMS_View_Calendar extends SeedDMS_Theme_Style {
|
|||
if ($item['document']->getAccessMode($user) >= M_READ)
|
||||
$arr[] = array(
|
||||
'start'=>$item['date'],
|
||||
'title'=>$item['document']->getName()."\n".$item['msg'],
|
||||
'title'=>$item['document']->getName()." (".$item['version'].")\n".getOverallStatusText($item['status']), //$item['msg'],
|
||||
'allDay'=>isset($item['allday']) ? $item['allday'] : false,
|
||||
'color'=>$color,
|
||||
'type'=>$item['type'],
|
||||
|
@ -220,8 +232,14 @@ class SeedDMS_View_Calendar extends SeedDMS_Theme_Style {
|
|||
$dms = $this->params['dms'];
|
||||
$user = $this->params['user'];
|
||||
$strictformcheck = $this->params['strictformcheck'];
|
||||
$day = $this->params['day'];
|
||||
$year = $this->params['year'];
|
||||
$month = $this->params['month'];
|
||||
header('Content-Type: application/javascript; charset=UTF-8');
|
||||
parent::jsTranslations(array('js_form_error', 'js_form_errors'));
|
||||
$query = '';
|
||||
if($day && $year && $month)
|
||||
$query = http_build_query(['day'=>$day, 'year'=>$year, 'month'=>$month]);
|
||||
?>
|
||||
$(document).ready(function() {
|
||||
|
||||
|
@ -234,7 +252,7 @@ class SeedDMS_View_Calendar extends SeedDMS_Theme_Style {
|
|||
text: '<?php printMLText('add_event'); ?>',
|
||||
click: function() {
|
||||
// alert('clicked the custom button!');
|
||||
document.location.href = '../out/out.AddEvent.php';
|
||||
document.location.href = '../out/out.AddEvent.php<?= $query ? '?'.$query : ''?>';
|
||||
}
|
||||
}
|
||||
},
|
||||
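Review bot: In the last hunk `$query` is echoed with `<?= ?>` straight into a single-quoted JavaScript string, so its safety rests on `http_build_query()` percent-encoding quotes and backslashes rather than on escaping for the JavaScript context. Emitting the whole URL through `json_encode()` makes the escaping match the context and removes the hand-written quotes: `document.location.href = <?= json_encode('../out/out.AddEvent.php'.($query ? '?'.$query : '')) ?>;`. The enclosing method starts before and ends after the hunks shown.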
|
|
|
@ -63,8 +63,8 @@ class SeedDMS_View_UserList extends SeedDMS_Theme_Style {
|
|||
$sessionmgr = new SeedDMS_SessionMgr($dms->getDB());
|
||||
?>
|
||||
|
||||
<input type="text" id="myInput" placeholder="<?= getMLText('type_to_filter'); ?>">
|
||||
<table id="myTable" class="table table-condensed">
|
||||
<input type="text" id="myInput" class="form-control" placeholder="<?= getMLText('type_to_filter'); ?>">
|
||||
<table id="myTable" class="table table-condensed table-sm">
|
||||
<thead><tr><th></th><th><?php printMLText('name'); ?></th><th><?php printMLText('groups'); ?></th><th><?php printMLText('role'); ?></th><th><?php printMLText('discspace'); ?></th><th><?php printMLText('authentication'); ?></th><th></th></tr></thead><tbody>
|
||||
<?php
|
||||
foreach ($allUsers as $currUser) {
|
||||
|
|