gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-07-15 08:58:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add 'deletedocument', 'movedocument' requires a formtoken

Browse Source
This commit is contained in:
Uwe Steinmann 2014-06-04 19:15:28 +02:00
parent 8ec7e3e0f5
commit c09e650c89
1 changed files with 47 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
op/op.Ajax.php
View File

@ -215,6 +215,10 @@ switch($command) {
case 'movedocument': /* {{{ */ case 'movedocument': /* {{{ */
if($user) { if($user) {
if(!checkFormKey('movedocument', 'GET')) {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>getMLText('invalid_request_token'), 'data'=>''));
} else {
$mdocument = $dms->getDocument($_REQUEST['docid']); $mdocument = $dms->getDocument($_REQUEST['docid']);
if($mdocument) { if($mdocument) {
if ($mdocument->getAccessMode($user) >= M_READ) { if ($mdocument->getAccessMode($user) >= M_READ) {
@ -244,6 +248,35 @@ switch($command) {
echo json_encode(array('success'=>false, 'message'=>'No folder', 'data'=>'')); echo json_encode(array('success'=>false, 'message'=>'No folder', 'data'=>''));
} }
} }
}
break; /* }}} */
case 'deletedocument': /* {{{ */
if($user) {
if(!checkFormKey('removedocument', 'GET')) {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>getMLText('invalid_request_token'), 'data'=>''));
} else {
$document = $dms->getDocument($_REQUEST['id']);
if($document) {
if ($document->getAccessMode($user) >= M_READWRITE) {
if($document->remove()) {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>true, 'message'=>'', 'data'=>''.$_REQUEST['formtoken']));
} else {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>'Error removing document', 'data'=>''));
}
} else {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>'No access', 'data'=>''));
}
} else {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>'No document', 'data'=>''));
}
}
}
break; /* }}} */ break; /* }}} */
case 'submittranslation': /* {{{ */ case 'submittranslation': /* {{{ */