mirror of
https://git.code.sf.net/p/seeddms/code
synced 2025-02-06 07:04:57 +00:00
Merge branch 'seeddms-5.1.x' into seeddms-6.0.x
commit
e91a66af21
|
@ -218,6 +218,7 @@
|
|||
- issue warning if document cannot be approved/reviewed anymore, because it has
|
||||
expired
|
||||
- much better form validation based on jquery validation
|
||||
- secure unlocking/locking of a documents with form token to prevent CSRF attacks
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
Changes in version 5.1.22
|
||||
|
|
|
@ -587,40 +587,45 @@ switch($command) {
|
|||
|
||||
case 'tooglelockdocument': /* {{{ */
|
||||
if($user) {
|
||||
$document = $dms->getDocument($_REQUEST['id']);
|
||||
if($document) {
|
||||
if ($document->getAccessMode($user) >= M_READWRITE) {
|
||||
if ($document->isLocked()) {
|
||||
$lockingUser = $document->getLockingUser();
|
||||
if (($lockingUser->getID() == $user->getID()) || ($document->getAccessMode($user) == M_ALL)) {
|
||||
if (!$document->setLocked(false)) {
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode(array('success'=>false, 'message'=>'Error unlocking document', 'data'=>''));
|
||||
if(checkFormKey('tooglelockdocument', 'GET')) {
|
||||
$document = $dms->getDocument($_REQUEST['id']);
|
||||
if($document) {
|
||||
if ($document->getAccessMode($user) >= M_READWRITE) {
|
||||
if ($document->isLocked()) {
|
||||
$lockingUser = $document->getLockingUser();
|
||||
if (($lockingUser->getID() == $user->getID()) || ($document->getAccessMode($user) == M_ALL)) {
|
||||
if (!$document->setLocked(false)) {
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode(array('success'=>false, 'message'=>'Error unlocking document', 'data'=>''));
|
||||
} else {
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode(array('success'=>true, 'message'=>getMLText('splash_document_unlocked'), 'data'=>''));
|
||||
}
|
||||
} else {
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode(array('success'=>true, 'message'=>getMLText('splash_document_unlocked'), 'data'=>''));
|
||||
echo json_encode(array('success'=>false, 'message'=>getMLText('access_denied'), 'data'=>''));
|
||||
}
|
||||
} else {
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode(array('success'=>false, 'message'=>getMLText('access_denied'), 'data'=>''));
|
||||
if (!$document->setLocked($user)) {
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode(array('success'=>false, 'message'=>'Error locking document', 'data'=>''));
|
||||
} else {
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode(array('success'=>true, 'message'=>getMLText('splash_document_locked'), 'data'=>''));
|
||||
add_log_line();
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if (!$document->setLocked($user)) {
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode(array('success'=>false, 'message'=>'Error locking document', 'data'=>''));
|
||||
} else {
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode(array('success'=>true, 'message'=>getMLText('splash_document_locked'), 'data'=>''));
|
||||
add_log_line();
|
||||
}
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode(array('success'=>false, 'message'=>getMLText('access_denied'), 'data'=>''));
|
||||
}
|
||||
} else {
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode(array('success'=>false, 'message'=>getMLText('access_denied'), 'data'=>''));
|
||||
echo json_encode(array('success'=>false, 'message'=>getMLText('invalid_doc_id'), 'data'=>''));
|
||||
}
|
||||
} else {
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode(array('success'=>false, 'message'=>getMLText('invalid_doc_id'), 'data'=>''));
|
||||
echo json_encode(array('success'=>false, 'message'=>getMLText('invalid_request_token'), 'data'=>''));
|
||||
}
|
||||
}
|
||||
break; /* }}} */
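Review bot: The new guard in the `tooglelockdocument` case takes the token from the query string (`checkFormKey('tooglelockdocument', 'GET')`), so the lock state is still changed by a GET request and the token ends up in web-server logs, browser history and possibly Referer headers. The same applies to the `checkFormKey('lockdocument', 'GET')` and `checkFormKey('unlockdocument', 'GET')` hunks further down and to the `$.get('../op/op.Ajax.php', ...)` caller in the script hunk. If checkFormKey can also validate a POST field (its definition is not visible here), sending the toggle with `$.post(...)` and checking the token from the request body would keep it out of URLs. Separately, `add_log_line()` runs only after a successful lock; the unlock path and the `invalid_request_token` branch appear to leave no log entry, which makes rejected requests hard to spot afterwards.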
|
||||
|
|
|
@ -29,6 +29,11 @@ require_once("inc/inc.DBInit.php");
|
|||
require_once("inc/inc.ClassUI.php");
|
||||
require_once("inc/inc.Authentication.php");
|
||||
|
||||
/* Check if the form data comes from a trusted request */
|
||||
if(!checkFormKey('lockdocument', 'GET')) {
|
||||
UI::exitError(getMLText("document_title"), getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_GET["documentid"])<1) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
|
||||
}
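Review bot: The token-failure branch calls `getMLText("document_title")` without the `documentname` parameter that the very next check supplies, so the error page title may show an unfilled placeholder (inferred, since the translation string is not visible here). Using the same form as the line below, `UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_request_token"))), getMLText("invalid_request_token"));`, keeps the two error paths consistent. The unlock hunk with `checkFormKey('unlockdocument', 'GET')` has the same call.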
|
||||
|
|
|
@ -28,6 +28,11 @@ include("../inc/inc.DBInit.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
/* Check if the form data comes from a trusted request */
|
||||
if(!checkFormKey('unlockdocument', 'GET')) {
|
||||
UI::exitError(getMLText("document_title"), getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_GET["documentid"])<1) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
|
||||
}
|
||||
|
|
|
@ -794,14 +794,7 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
|
|||
if($accessobject->check_controller_access('UpdateDocument'))
|
||||
$menuitems['update_document'] = array('link'=>"../out/out.UpdateDocument".$docid, 'label'=>getMLText('update_document'));
|
||||
if($accessobject->check_controller_access('LockDocument'))
|
||||
$menuitems['lock_document'] = array('link'=>"../op/op.LockDocument".$docid, 'label'=>getMLText('lock_document'));
|
||||
if($document->isCheckedOut())
|
||||
$menuitems['checkin_document'] = array('link'=>"../out/out.CheckInDocument".$docid, 'label'=>getMLText('checkin_document'));
|
||||
else {
|
||||
if($this->params['checkoutdir']) {
|
||||
$menuitems['checkout_document'] = array('link'=>"../op/op.CheckOutDocument".$docid, 'label'=>getMLText('checkout_document'));
|
||||
}
|
||||
}
|
||||
$menuitems['lock_document'] = array('link'=>"../op/op.LockDocument".$docid."&formtoken=".createFormKey('lockdocument'), 'label'=>getMLText('lock_document'));
|
||||
if($accessobject->check_controller_access('EditDocument'))
|
||||
$menuitems['edit_document_props'] = array('link'=>"../out/out.EditDocument".$docid , 'label'=>getMLText('edit_document_props'));
|
||||
$menuitems['move_document'] = array('link'=>"../out/out.MoveDocument".$docid, 'label'=>getMLText('move_document'));
|
||||
|
@ -812,14 +805,7 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
|
|||
if($accessobject->check_controller_access('UpdateDocument'))
|
||||
$menuitems['update_document'] = array('link'=>"../out/out.UpdateDocument".$docid, 'label'=>getMLText('update_document'));
|
||||
if($accessobject->check_controller_access('UnlockDocument'))
|
||||
$menuitems['unlock_document'] = array('link'=>"../op/op.UnlockDocument".$docid, 'label'=>getMLText('unlock_document'));
|
||||
if($document->isCheckedOut()) {
|
||||
$menuitems['checkin_document'] = array('link'=>"../out/out.CheckInDocument".$docid, 'label'=>getMLText('checkin_document'));
|
||||
} else {
|
||||
if($this->params['checkoutdir']) {
|
||||
$menuitems['checkout_document'] = array('link'=>"../op/op.CheckOutDocument".$docid, 'label'=>getMLText('checkout_document'));
|
||||
}
|
||||
}
|
||||
$menuitems['unlock_document'] = array('link'=>"../op/op.UnlockDocument".$docid."&formtoken=".createFormKey('unlockdocument'), 'label'=>getMLText('unlock_document'));
|
||||
if($accessobject->check_controller_access('EditDocument'))
|
||||
$menuitems['edit_document_props'] = array('link'=>"../out/out.EditDocument".$docid, 'label'=>getMLText('edit_document_props'));
|
||||
$menuitems['move_document'] = array('link'=>"../out/out.MoveDocument".$docid, 'label'=>getMLText('move_document'));
|
||||
|
@ -2605,7 +2591,7 @@ $(function() {
|
|||
$title = 'lock_document';
|
||||
}
|
||||
$content = '';
|
||||
$content .= '<a class="lock-document-btn" rel="'.$docid.'" msg="'.getMLText($msg).'" title="'.getMLText($title).'"><i class="fa fa-'.$icon.'"></i></a>';
|
||||
$content .= '<a class="lock-document-btn" rel="'.$docid.'" msg="'.getMLText($msg).'" title="'.getMLText($title).'" data-formtoken="'.createFormKey('tooglelockdocument').'"><i class="fa fa-'.$icon.'"></i></a>';
|
||||
if($return)
|
||||
return $content;
|
||||
else
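Review bot: `createFormKey('lockdocument')`, `createFormKey('unlockdocument')` and `createFormKey('tooglelockdocument')` are built from the action name only, so the value placed in one document's menu link or `data-formtoken` attribute is presumably accepted for every other document too (how long a key stays valid is not visible here). Binding the document into the key, e.g. `createFormKey('lockdocument'.$document->getID())`, would limit a leaked link to that one document. The receiving script would need the matching `checkFormKey` argument, checked only after the document id has been validated. The same three hunks recur in the second view class below, and the enclosing methods start and end outside these hunks.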
|
||||
|
|
|
@ -707,7 +707,7 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
|
|||
if($accessobject->check_controller_access('UpdateDocument'))
|
||||
$menuitems['update_document'] = array('link'=>"../out/out.UpdateDocument".$docid, 'label'=>getMLText('update_document'));
|
||||
if($accessobject->check_controller_access('LockDocument'))
|
||||
$menuitems['lock_document'] = array('link'=>"../op/op.LockDocument".$docid, 'label'=>getMLText('lock_document'));
|
||||
$menuitems['lock_document'] = array('link'=>"../op/op.LockDocument".$docid."&formtoken=".createFormKey('lockdocument'), 'label'=>getMLText('lock_document'));
|
||||
if($document->isCheckedOut())
|
||||
$menuitems['checkin_document'] = array('link'=>"../out/out.CheckInDocument".$docid, 'label'=>getMLText('checkin_document'));
|
||||
else {
|
||||
|
@ -725,14 +725,7 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
|
|||
if($accessobject->check_controller_access('UpdateDocument'))
|
||||
$menuitems['update_document'] = array('link'=>"../out/out.UpdateDocument".$docid, 'label'=>getMLText('update_document'));
|
||||
if($accessobject->check_controller_access('UnlockDocument'))
|
||||
$menuitems['unlock_document'] = array('link'=>"../op/op.UnlockDocument".$docid, 'label'=>getMLText('unlock_document'));
|
||||
if($document->isCheckedOut()) {
|
||||
$menuitems['checkin_document'] = array('link'=>"../out/out.CheckInDocument".$docid, 'label'=>getMLText('checkin_document'));
|
||||
} else {
|
||||
if($this->params['checkoutdir']) {
|
||||
$menuitems['checkout_document'] = array('link'=>"../op/op.CheckOutDocument".$docid, 'label'=>getMLText('checkout_document'));
|
||||
}
|
||||
}
|
||||
$menuitems['unlock_document'] = array('link'=>"../op/op.UnlockDocument".$docid."&formtoken=".createFormKey('unlockdocument'), 'label'=>getMLText('unlock_document'));
|
||||
if($accessobject->check_controller_access('EditDocument'))
|
||||
$menuitems['edit_document_props'] = array('link'=>"../out/out.EditDocument".$docid, 'label'=>getMLText('edit_document_props'));
|
||||
$menuitems['move_document'] = array('link'=>"../out/out.MoveDocument".$docid, 'label'=>getMLText('move_document'));
|
||||
|
@ -2582,7 +2575,7 @@ $(function() {
|
|||
$title = 'lock_document';
|
||||
}
|
||||
$content = '';
|
||||
$content .= '<a class="lock-document-btn" rel="'.$docid.'" msg="'.getMLText($msg).'" title="'.getMLText($title).'"><i class="fa fa-'.$icon.'"></i></a>';
|
||||
$content .= '<a class="lock-document-btn" rel="'.$docid.'" msg="'.getMLText($msg).'" title="'.getMLText($title).'" data-formtoken="'.createFormKey('tooglelockdocument').'"><i class="fa fa-'.$icon.'"></i></a>';
|
||||
if($return)
|
||||
return $content;
|
||||
else
|
||||
|
|
|
@ -389,7 +389,7 @@ $(document).ready( function() {
|
|||
attr_msg = $(ev.currentTarget).attr('msg');
|
||||
id = attr_rel;
|
||||
$.get('../op/op.Ajax.php',
|
||||
{ command: 'tooglelockdocument', id: id },
|
||||
{ command: 'tooglelockdocument', formtoken: $(ev.currentTarget).data('formtoken'), id: id },
|
||||
function(data) {
|
||||
if(data.success) {
|
||||
//$("#table-row-document-"+id).html('Loading').load('../op/op.Ajax.php?command=view&view=documentlistrow&id='+id)
|
||||
|
|