Note: this list is kept only as a demonstration for CVSNotice. For the latest CVS notices, see the Xaraya and Postnuke sites
Date | Directory [filter] | File(s) [view] | Author [filter] |
01 Aug 2002 01:38:52 | postnuke_modules/articles | pnadmin.php,1.25,1.26 pnuserapi.php,1.30,1.31 | Mike |
more of this permission stuff later... |
Update of /home/cvsroot/postnuke_modules/articles In directory ns7.hostnuke.net:/tmp/cvs-serv8678 Modified Files: pnadmin.php pnuserapi.php Log Message: more of this permission stuff later... Index: pnadmin.php =================================================================== RCS file: /home/cvsroot/postnuke_modules/articles/pnadmin.php,v retrieving revision 1.25 retrieving revision 1.26 diff -C2 -d -r1.25 -r1.26 *** pnadmin.php 31 Jul 2002 02:14:21 -0000 1.25 --- pnadmin.php 1 Aug 2002 01:38:50 -0000 1.26 *************** *** 29,34 **** function articles_admin_main() { ! // Security check ! if (!pnSecAuthAction(0, 'articles::category', '::', ACCESS_EDIT)) { $msg = pnML('Not authorized to access #(1) module administration', 'Articles'); --- 29,35 ---- function articles_admin_main() { ! // Security check : the user must at least be able to edit an item or class ! if (!pnSecAuthAction(0, 'articles::classification', '::', ACCESS_EDIT) || ! !pnSecAuthAction(0, 'articles::item', '::', ACCESS_EDIT)) { $msg = pnML('Not authorized to access #(1) module administration', 'Articles'); *************** *** 53,58 **** } // Security check ! if (!pnSecAuthAction(0, 'articles::item', '::', ACCESS_ADD)) { $output->Text('Not authorised to carry out that operation'); return $output->GetOutput(); --- 54,71 ---- } + // Load user API to obtain item information function + if (!pnModAPILoad('articles', 'user')) { + $msg = pnML('Unable to load #(1) user API', + 'Articles'); + pnExceptionSet(PN_SYSTEM_EXCEPTION, 'NO_PERMISSION', + new SystemException($msg)); + return; + } + // Security check ! $input = array(); ! $input['ptid'] = $ptid; ! $input['access'] = ACCESS_ADD; ! if (!pnModAPIFunc('articles','user','checksecurity',$input)) { $output->Text('Not authorised to carry out that operation'); return $output->GetOutput(); *************** *** 305,309 **** } ! 
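Review bot: In articles_admin_main the new comment says the user must "at least be able to edit an item or class", but the condition `!pnSecAuthAction(0, 'articles::classification', '::', ACCESS_EDIT) || !pnSecAuthAction(0, 'articles::item', '::', ACCESS_EDIT)` rejects anyone who lacks either right, so both are required. The check fails closed, so this is a mismatch between comment and code rather than an access hole, but one of the two is wrong. If both rights are intended, reword the comment to `// Security check : the user must be able to edit both items and classifications`; if either should suffice, the operator between the two calls should be `&&`. The function body continues outside the hunk.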
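Review bot: The added pnModAPILoad failure branch (new lines 54-71, repeated in the hunks at 491-509 and 634-652) reports the error with the id `'NO_PERMISSION'`, so a missing or broken user API is presented as an authorization denial. That makes genuine denials harder to tell apart from faults when someone reviews errors, and it hides a deployment problem behind a permission message. Use an id that names the load failure in all three copies (placeholder: `'<MODULE_API_LOAD_FAILED>'`, whichever id the project defines for this). `$ptid` is assigned outside this hunk, so it is not visible here whether it is always set before it is placed in `$input['ptid']`.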
if (!pnSecAuthAction(0, 'articles::category', '::', ACCESS_EDIT)) { $msg = pnML('Not authorized to view #(1) items', 'Articles'); --- 318,322 ---- } ! if (!pnSecAuthAction(0, 'articles::classification', $ptid.'::', ACCESS_EDIT)) { $msg = pnML('Not authorized to view #(1) items', 'Articles'); *************** *** 339,344 **** $item['title'] = $article['title']; $item['pubdate'] = strftime(_DATETIMELONG, $article['pubdate']); ! ! if (pnSecAuthAction(0, 'articles::Item', "$article[title]::$article[aid]", ACCESS_EDIT)) { $item['editurl'] = pnModURL('articles', 'admin', --- 352,361 ---- $item['title'] = $article['title']; $item['pubdate'] = strftime(_DATETIMELONG, $article['pubdate']); ! ! // Security check ! $input = array(); ! $input['article'] = $article; ! $input['access'] = ACCESS_EDIT; ! if (pnModAPIFunc('articles','user','checksecurity',$input)) { $item['editurl'] = pnModURL('articles', 'admin', *************** *** 350,354 **** $item['edittitle'] = _EDIT; ! if (pnSecAuthAction(0, 'articles::Item', "$article[title]::$article[aid]", ACCESS_DELETE)) { $item['deleteurl'] = pnModURL('articles', 'admin', --- 367,372 ---- $item['edittitle'] = _EDIT; ! $input['access'] = ACCESS_DELETE; ! if (pnModAPIFunc('articles','user','checksecurity',$input)) { $item['deleteurl'] = pnModURL('articles', 'admin', *************** *** 473,478 **** } */ // Security check ! if (!pnSecAuthAction(0, 'articles::Item', "$article[title]::$aid", ACCESS_EDIT)) { $msg = pnML('Not authorized to modify #(1) item #(2)', 'Article', pnVarPrepForDisplay($aid)); --- 491,509 ---- } */ + + // Load user API to obtain item information function + if (!pnModAPILoad('articles', 'user')) { + $msg = pnML('Unable to load #(1) user API', + 'Articles'); + pnExceptionSet(PN_SYSTEM_EXCEPTION, 'NO_PERMISSION', + new SystemException($msg)); + return; + } + // Security check ! $input = array(); ! $input['article'] = $article; ! $input['access'] = ACCESS_EDIT; ! 
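Review bot: The instance string `$ptid.'::'` at new lines 318-322 is built from a value whose origin is outside this hunk; in the articles_admin_modifyconfig hunk (new lines 714-725) the same pattern uses `$ptid` taken directly from `pnVarCleanFromInput('ptid')` and defaulted to `''`. Nothing visible confirms that the value names an existing publication type before it selects which permission instance is checked, and an empty value collapses the instance to `'::'`. Confirm that the code after each check acts only on the ptid that was authorized, and consider rejecting unknown values first, e.g. `if ($ptid !== '' && !isset($pubtypes[$ptid])) { $ptid = ''; }` using the list returned by `getpubtypes`. How pnSecAuthAction matches an empty leading field is not shown on this page, so that part is something to verify rather than a confirmed defect.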
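Review bot: The delete check at new lines 367-372 reuses the `$input` array created for the edit check at 352-361 and only overwrites `$input['access']`, so its correctness depends on the earlier block having run for the same `$article`. Building the argument at each call keeps the two checks independent: `pnModAPIFunc('articles','user','checksecurity', array('article' => $article, 'access' => ACCESS_DELETE))`. These two checks only decide whether the edit and delete links are rendered; the handlers must keep their own checks, as the modify and delete hunks in this commit do. The enclosing code starts and ends outside both hunks.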
if (!pnModAPIFunc('articles','user','checksecurity',$input)) { $msg = pnML('Not authorized to modify #(1) item #(2)', 'Article', pnVarPrepForDisplay($aid)); *************** *** 566,578 **** $labels['update'] = pnVarPrepForDisplay(_ARTICLESUPDATE); - // Load user API to obtain item information function - if (!pnModAPILoad('articles', 'user')) { - $msg = pnML('Unable to load #(1) user API', - 'Articles'); - pnExceptionSet(PN_SYSTEM_EXCEPTION, 'NO_PERMISSION', - new SystemException($msg)); - return; - } - $pubtypes = pnModAPIFunc('articles','user','getpubtypes'); $item['pubtype'] = $pubtypes[$ptid]['descr']; --- 597,600 ---- *************** *** 612,618 **** 'confirmation'); // Security check ! if (!pnSecAuthAction(0, 'articles::Item', "::$aid", ACCESS_DELETE)) { ! pnSessionSetVar('errormsg', _NOAUTH); pnRedirect(pnModURL('articles', 'admin', 'view')); return false; --- 634,652 ---- 'confirmation'); + // Load user API to obtain item information function + if (!pnModAPILoad('articles', 'user')) { + $msg = pnML('Unable to load #(1) user API', + 'Articles'); + pnExceptionSet(PN_SYSTEM_EXCEPTION, 'NO_PERMISSION', + new SystemException($msg)); + return; + } + // Security check ! $input = array(); ! $input['aid'] = $aid; ! $input['access'] = ACCESS_DELETE; ! if (!pnModAPIFunc('articles','user','checksecurity',$input)) { ! pnSessionSetVar('errormsg', _NOTAUTHORISED); pnRedirect(pnModURL('articles', 'admin', 'view')); return false; *************** *** 680,685 **** function articles_admin_modifyconfig() { // Security check ! if (!pnSecAuthAction(0, 'articles::category', '::', ACCESS_ADMIN)) { $msg = pnML('Not authorized to change #(1) module configuration', 'Articles'); --- 714,725 ---- function articles_admin_modifyconfig() { + // Get parameters + $ptid = pnVarCleanFromInput('ptid'); + if (!isset($ptid)) { + $ptid = ''; + } + // Security check ! 
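Review bot: The delete path at new lines 634-652 calls checksecurity with only `aid` and `access`, while the other call sites in this commit pass `ptid` or a full `article` array, and the function itself is not part of the diff. With three input shapes it has to return false whenever `aid` does not resolve to an article; once that is confirmed, say so at the call, e.g. `// checksecurity looks the article up by aid and denies if it is not found`. The added load-failure branch uses a bare `return;` where the denial branch just below returns `false`; `return false;` would keep callers from seeing two different failure values. `_NOTAUTHORISED` replaces `_NOAUTH` here and should be checked against the language file, since its definition is not visible.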
if (!pnSecAuthAction(0, 'articles::classification', $ptid.'::', ACCESS_ADMIN)) { $msg = pnML('Not authorized to change #(1) module configuration', 'Articles'); *************** *** 687,696 **** new SystemException($msg)); return; - } - - // Get parameters - $ptid = pnVarCleanFromInput('ptid'); - if (!isset($ptid)) { - $ptid = ''; } --- 727,730 ---- Index: pnuserapi.php =================================================================== RCS file: /home/cvsroot/postnuke_modules/articles/pnuserapi.php,v retrieving revision 1.30 retrieving revision 1.31 diff -C2 -d -r1.30 -r1.31 *** pnuserapi.php 1 Aug 2002 01:06:18 -0000 1.30 --- pnuserapi.php 1 Aug 2002 01:38:50 -0000 1.31 *************** *** 786,793 **** if (is_array($articlecids) && count($articlecids) > 0) { $article['cids'] = array_keys($articlecids); - } else { - $article['cids'] = array(); } ! } if (!isset($cids)) { --- 786,794 ---- if (is_array($articlecids) && count($articlecids) > 0) { $article['cids'] = array_keys($articlecids); } ! } ! if (!isset($article['cids'])) { ! $article['cids'] = array(); ! } if (!isset($cids)) {
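Review bot: The default `$article['cids'] = array();` in pnuserapi.php now sits outside the enclosing block with no comment explaining why, and the `isset` guard means a `cids` value already present on `$article` is kept rather than reset. If the permission helper or other callers iterate `cids`, a line such as `// always expose cids, even when the category lookup above is skipped` would make the intent clear. The enclosing conditional opens outside the hunk, so whether `cids` can be pre-populated is not visible here.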