Merge branch 'seeddms-5.1.x' into seeddms-6.0.x

Uwe Steinmann 2022-03-30 11:39:47 +02:00
commit 7a1836d33a
7 changed files with 57 additions and 7 deletions


@ -230,6 +230,7 @@
- extensions cannot be disabled/enabled if configuration file is not writeable - extensions cannot be disabled/enabled if configuration file is not writeable
- prevent cross site scripting in views/bootstrap/class.DefaultKeywords.php - prevent cross site scripting in views/bootstrap/class.DefaultKeywords.php
- fix possible DoS in op/op.RemoveLog.php - fix possible DoS in op/op.RemoveLog.php
- show only calendar events of logged in user
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
Changes in version 5.1.24 Changes in version 5.1.24


@ -42,6 +42,9 @@ class SeedDMS_Calendar {
$date = mktime(12,0,0, $month, $day, $year); $date = mktime(12,0,0, $month, $day, $year);
$queryStr = "SELECT * FROM `tblEvents` WHERE `start` <= " . $date . " AND `stop` >= " . $date; $queryStr = "SELECT * FROM `tblEvents` WHERE `start` <= " . $date . " AND `stop` >= " . $date;
if(!$this->user->isAdmin()) {
$queryStr .= " AND `userID`=".$this->user->getID();
}
$ret = $this->db->getResultArray($queryStr); $ret = $this->db->getResultArray($queryStr);
return $ret; return $ret;
} /* }}} */ } /* }}} */
@ -50,6 +53,9 @@ class SeedDMS_Calendar {
$queryStr = "SELECT * FROM `tblEvents` WHERE ( `start` <= " . (int) $start . " AND `stop` >= " . (int) $start . " ) ". $queryStr = "SELECT * FROM `tblEvents` WHERE ( `start` <= " . (int) $start . " AND `stop` >= " . (int) $start . " ) ".
"OR ( `start` <= " . (int) $stop . " AND `stop` >= " . (int) $stop . " ) ". "OR ( `start` <= " . (int) $stop . " AND `stop` >= " . (int) $stop . " ) ".
"OR ( `start` >= " . (int) $start . " AND `stop` <= " . (int) $stop . " )"; "OR ( `start` >= " . (int) $start . " AND `stop` <= " . (int) $stop . " )";
if(!$this->user->isAdmin()) {
$queryStr .= " AND `userID`=".$this->user->getID();
}
$ret = $this->db->getResultArray($queryStr); $ret = $this->db->getResultArray($queryStr);
return $ret; return $ret;
} /* }}} */ } /* }}} */
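Review bot: The per-user filter appended in the second hunk does not restrict the whole result set, because SQL `AND` binds tighter than `OR`: the new `userID` clause attaches only to the third parenthesised range condition, so events belonging to other users that match either of the first two `OR` branches are still returned to non-admin users. Wrap the three range conditions in one outer pair of parentheses before appending the user clause — open an extra `(` directly after `WHERE` on the first line of the query and close it after the third range condition — so the statement reads `WHERE ( A OR B OR C ) AND userID = ...`. The first hunk is not affected, since its two conditions are joined by `AND` only. For consistency with the `(int)` casts already applied to `$start` and `$stop` in the same statement, the appended id could be cast as well, `(int) $this->user->getID()`. Both enclosing methods begin before the visible hunk lines, and whether `$this->user` is guaranteed to be set when they run cannot be seen here.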


@ -39,9 +39,19 @@ if ($user->isGuest()) {
UI::exitError(getMLText("edit_event"),getMLText("access_denied")); UI::exitError(getMLText("edit_event"),getMLText("access_denied"));
} }
if (isset($_GET["day"])) $day=(int) $_GET["day"];
else $day = '';
if (isset($_GET["year"])) $year=(int) $_GET["year"];
else $year = '';
if (isset($_GET["month"])) $month=(int) $_GET["month"];
else $month = '';
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings); $accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
if($view) { if($view) {
$view->setParam('day', $day);
$view->setParam('year', $year);
$view->setParam('month', $month);
$view->setParam('accessobject', $accessop); $view->setParam('accessobject', $accessop);
$view->setParam('strictformcheck', $settings->_strictFormCheck); $view->setParam('strictformcheck', $settings->_strictFormCheck);
$view($_GET); $view($_GET);
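Review bot: The three new defaults `else $day = '';` (and likewise for `$year` and `$month`) give each parameter a mixed type — `int` when the query string supplies it, empty string otherwise — while the only consumer visible in this commit, the `if($day && $year && $month)` test in the AddEvent view, checks them for truthiness only. A single-expression form keeps one type and halves the lines: `$day = isset($_GET["day"]) ? (int) $_GET["day"] : 0;`, and the same for `$year` and `$month`. The `(int)` cast itself is the right call here; note that the parallel block added to out.Calendar.php in this same commit reads the same three parameters without it. The surrounding script continues past the hunk, so other uses of these variables cannot be ruled out from here.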


@ -40,6 +40,12 @@ if (isset($_GET["start"])) $start=$_GET["start"];
else $start = ''; else $start = '';
if (isset($_GET["end"])) $end=$_GET["end"]; if (isset($_GET["end"])) $end=$_GET["end"];
else $end = ''; else $end = '';
if (isset($_GET["day"])) $day=$_GET["day"];
else $day = '';
if (isset($_GET["year"])) $year=$_GET["year"];
else $year = '';
if (isset($_GET["month"])) $month=$_GET["month"];
else $month = '';
if(isset($_GET['documentid']) && $_GET['documentid'] && is_numeric($_GET['documentid'])) { if(isset($_GET['documentid']) && $_GET['documentid'] && is_numeric($_GET['documentid'])) {
$document = $dms->getDocument($_GET["documentid"]); $document = $dms->getDocument($_GET["documentid"]);
@ -72,6 +78,9 @@ if($view) {
$view->setParam('calendar', $calendar); $view->setParam('calendar', $calendar);
$view->setParam('start', $start); $view->setParam('start', $start);
$view->setParam('end', $end); $view->setParam('end', $end);
$view->setParam('day', $day);
$view->setParam('year', $year);
$view->setParam('month', $month);
$view->setParam('document', $document); $view->setParam('document', $document);
$view->setParam('version', $content); $view->setParam('version', $content);
$view->setParam('event', $event); $view->setParam('event', $event);
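Review bot: The new `$day`, `$year` and `$month` reads at the top of the section take the raw `$_GET` strings, unlike the identical block added to out.AddEvent.php in this same commit, which casts each with `(int)`. The only consumer visible in this commit is the `http_build_query()` call in the calendar view, which URL-encodes the values, so no injection path is evident from here, but validating at the request boundary is cheaper than reasoning about every later sink: `if (isset($_GET["day"])) $day=(int) $_GET["day"];` and the same for `$year` and `$month`. A request such as `day[]=1` currently leaves an array in `$day`; the cast would normalise that to an integer. The script continues beyond the hunk, so further uses of these variables may exist.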


@ -55,6 +55,9 @@ $(document).ready(function() {
} /* }}} */ } /* }}} */
function show() { /* {{{ */ function show() { /* {{{ */
$day = $this->params['day'];
$year = $this->params['year'];
$month = $this->params['month'];
$this->htmlAddHeader('<script type="text/javascript" src="../views/'.$this->theme.'/vendors/jquery-validation/jquery.validate.js"></script>'."\n", 'js'); $this->htmlAddHeader('<script type="text/javascript" src="../views/'.$this->theme.'/vendors/jquery-validation/jquery.validate.js"></script>'."\n", 'js');
$this->htmlAddHeader('<script type="text/javascript" src="../views/'.$this->theme.'/styles/validation-default.js"></script>'."\n", 'js'); $this->htmlAddHeader('<script type="text/javascript" src="../views/'.$this->theme.'/styles/validation-default.js"></script>'."\n", 'js');
@ -66,7 +69,10 @@ $(document).ready(function() {
$this->contentHeading(getMLText("add_event")); $this->contentHeading(getMLText("add_event"));
$expdate = getReadableDate(); if($day && $year && $month)
$expdate = sprintf('%04d-%02d-%02d', $year, $month, $day);
else
$expdate = getReadableDate();
?> ?>
<form class="form-horizontal" action="../op/op.AddEvent.php" id="form1" name="form1" method="post"> <form class="form-horizontal" action="../op/op.AddEvent.php" id="form1" name="form1" method="post">
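Review bot: The new `sprintf('%04d-%02d-%02d', $year, $month, $day)` formats whatever integers it receives, so `month=13` or `day=40` yields an impossible date such as `2022-13-40` pre-filled into the form; the truthiness test on the line above does not catch that. Guard with the standard library so out-of-range input falls back to today's date like the no-parameter case: `if($day && $year && $month && checkdate($month, $day, $year))`. `$expdate` is consumed further down in the form, outside this hunk, so whether client- or server-side validation would later reject such a string cannot be confirmed here. The `show()` method continues past the visible lines.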


@ -93,6 +93,15 @@ class SeedDMS_View_Calendar extends SeedDMS_Theme_Style {
'required'=>$strictformcheck 'required'=>$strictformcheck
) )
); );
if($euser = $dms->getUser($event['userID'])) {
$this->formField(
getMLText("user"),
array(
'element'=>'plain',
'value'=>htmlspecialchars($euser->getFullName())
)
);
}
$this->contentContainerEnd(); $this->contentContainerEnd();
$this->formSubmit("<i class=\"fa fa-save\"></i> ".getMLText('save')); $this->formSubmit("<i class=\"fa fa-save\"></i> ".getMLText('save'));
?> ?>
@ -186,10 +195,13 @@ class SeedDMS_View_Calendar extends SeedDMS_Theme_Style {
$color = '#20a820'; $color = '#20a820';
break; break;
case 'add_file': case 'add_file':
$color = '#a82020'; $color = '#c3bf00';
break; break;
case 'status_change': case 'status_change':
$color = '#a8a8a8'; if($item['status'] == S_RELEASED)
$color = '#129a02';
else
$color = '#a8a8a8';
break; break;
default: default:
$color = '#20a8a8'; $color = '#20a8a8';
@ -197,7 +209,7 @@ class SeedDMS_View_Calendar extends SeedDMS_Theme_Style {
if ($item['document']->getAccessMode($user) >= M_READ) if ($item['document']->getAccessMode($user) >= M_READ)
$arr[] = array( $arr[] = array(
'start'=>$item['date'], 'start'=>$item['date'],
'title'=>$item['document']->getName()."\n".$item['msg'], 'title'=>$item['document']->getName()." (".$item['version'].")\n".getOverallStatusText($item['status']), //$item['msg'],
'allDay'=>isset($item['allday']) ? $item['allday'] : false, 'allDay'=>isset($item['allday']) ? $item['allday'] : false,
'color'=>$color, 'color'=>$color,
'type'=>$item['type'], 'type'=>$item['type'],
@ -220,8 +232,14 @@ class SeedDMS_View_Calendar extends SeedDMS_Theme_Style {
$dms = $this->params['dms']; $dms = $this->params['dms'];
$user = $this->params['user']; $user = $this->params['user'];
$strictformcheck = $this->params['strictformcheck']; $strictformcheck = $this->params['strictformcheck'];
$day = $this->params['day'];
$year = $this->params['year'];
$month = $this->params['month'];
header('Content-Type: application/javascript; charset=UTF-8'); header('Content-Type: application/javascript; charset=UTF-8');
parent::jsTranslations(array('js_form_error', 'js_form_errors')); parent::jsTranslations(array('js_form_error', 'js_form_errors'));
$query = '';
if($day && $year && $month)
$query = http_build_query(['day'=>$day, 'year'=>$year, 'month'=>$month]);
?> ?>
$(document).ready(function() { $(document).ready(function() {
@ -234,7 +252,7 @@ class SeedDMS_View_Calendar extends SeedDMS_Theme_Style {
text: '<?php printMLText('add_event'); ?>', text: '<?php printMLText('add_event'); ?>',
click: function() { click: function() {
// alert('clicked the custom button!'); // alert('clicked the custom button!');
document.location.href = '../out/out.AddEvent.php'; document.location.href = '../out/out.AddEvent.php<?= $query ? '?'.$query : ''?>';
} }
} }
}, },
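Review bot: The `http_build_query([...])` call near the end of the section is the only thing keeping the new `<?= $query ? '?'.$query : ''?>` expansion safe inside the single-quoted JavaScript string on the `document.location.href` line, because the values reach this view uncast from `$_GET` via out.Calendar.php in this same commit; that dependency deserves a comment and a belt-and-braces cast. Suggested: `$query = http_build_query(['day'=>(int) $day, 'year'=>(int) $year, 'month'=>(int) $month]);` preceded by `// http_build_query() URL-encodes the values; the result is interpolated into a JS string literal below`. The added user-name row escapes with `htmlspecialchars()` correctly; the title built on the `getOverallStatusText()` line is presumably encoded when `$arr` is emitted, which happens outside the hunk. The methods touched here all begin outside the visible lines.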


@ -63,8 +63,8 @@ class SeedDMS_View_UserList extends SeedDMS_Theme_Style {
$sessionmgr = new SeedDMS_SessionMgr($dms->getDB()); $sessionmgr = new SeedDMS_SessionMgr($dms->getDB());
?> ?>
<input type="text" id="myInput" placeholder="<?= getMLText('type_to_filter'); ?>"> <input type="text" id="myInput" class="form-control" placeholder="<?= getMLText('type_to_filter'); ?>">
<table id="myTable" class="table table-condensed"> <table id="myTable" class="table table-condensed table-sm">
<thead><tr><th></th><th><?php printMLText('name'); ?></th><th><?php printMLText('groups'); ?></th><th><?php printMLText('role'); ?></th><th><?php printMLText('discspace'); ?></th><th><?php printMLText('authentication'); ?></th><th></th></tr></thead><tbody> <thead><tr><th></th><th><?php printMLText('name'); ?></th><th><?php printMLText('groups'); ?></th><th><?php printMLText('role'); ?></th><th><?php printMLText('discspace'); ?></th><th><?php printMLText('authentication'); ?></th><th></th></tr></thead><tbody>
<?php <?php
foreach ($allUsers as $currUser) { foreach ($allUsers as $currUser) {