[geeklog-cvs] geeklog-1.3/public_html/admin block.php,1.52,1.52.2.1 event.php,1.39,1.39.2.1 group.php,1.28,1.28.2.1 link.php,1.34,1.34.2.1 poll.php,1.33,1.33.2.1 story.php,1.99,1.99.2.1 topic.php,1.37,1.37.2.1
dhaun at geeklog.net
dhaun at geeklog.net
Sun Jan 18 14:58:03 EST 2004
Update of /usr/cvs/geeklog/geeklog-1.3/public_html/admin
In directory geeklog_prod:/tmp/cvs-serv3527
Modified Files:
Tag: geeklog_1_3_8_1_1
block.php event.php group.php link.php poll.php story.php
topic.php
Log Message:
Implemented additional checks before deleting an object.
Index: block.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/admin/block.php,v
retrieving revision 1.52
retrieving revision 1.52.2.1
diff -C2 -d -r1.52 -r1.52.2.1
*** block.php 31 Jul 2003 12:10:44 -0000 1.52
--- block.php 18 Jan 2004 19:58:01 -0000 1.52.2.1
***************
*** 9,13 ****
// | Geeklog block administration. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2003 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony at tonybibbs.com |
--- 9,13 ----
// | Geeklog block administration. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2004 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony at tonybibbs.com |
***************
*** 517,520 ****
--- 517,542 ----
}
+ /**
+ * Delete a block
+ *
+ */
+ function deleteBlock ($bid)
+ {
+ global $_CONF, $_TABLES, $_USER;
+
+ $result = DB_query ("SELECT tid,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid ='$bid'");
+ $A = DB_fetchArray($result);
+ $access = SEC_hasAccess ($A['owner_id'], $A['group_id'], $A['perm_owner'],
+ $A['perm_group'], $A['perm_members'], $A['perm_anon']);
+ if (($access < 3) || (hasBlockTopicAccess ($A['tid']) < 3)) {
+ COM_accessLog ("User {$_USER['username']} tried to illegally delete block $bid.");
+ return COM_refresh ($_CONF['site_admin_url'] . '/block.php');
+ }
+
+ DB_delete ($_TABLES['blocks'], 'bid', $bid);
+
+ return COM_refresh ($_CONF['site_admin_url'] . '/block.php?msg=12');
+ }
+
// MAIN
if (isset ($HTTP_POST_VARS['mode'])) {
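Review bot: `$bid` is embedded unescaped in the new SELECT on the `DB_query` line (`WHERE bid ='$bid'`), so the permission lookup itself is a place where an unsanitised request value reaches the database, unless the caller has already escaped it, which this hunk does not show; escaping before the query is built (e.g. `$bid = addslashes ($bid);` at the top of the function, or the project's own helper if magic quotes are not relied on) keeps the check safe. The row returned by `DB_fetchArray` is also never tested: for an unknown `$bid` every `$A[...]` index is undefined and `SEC_hasAccess` runs on empty values, so a guard like `if (empty ($A)) { return COM_refresh ($_CONF['site_admin_url'] . '/block.php'); }` before the permission test would make that outcome explicit rather than accidental. The same two points apply to the new `deleteEvent`, `deleteLink`, `deletePoll` and `deleteTopic` functions and to the new SELECT in `deletestory` in this commit. The docblock would also benefit from `@param string $bid id of the block to delete` and `@return string refresh markup for the admin page` (it appears to be a string, given the `$display .=` at the call site).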
***************
*** 536,540 ****
$display .= COM_refresh ($_CONF['site_admin_url'] . '/block.php');
} else {
! DB_delete($_TABLES['blocks'],'bid',$bid,$_CONF['site_admin_url'] . '/block.php?msg=12');
}
} else if (($mode == $LANG21[54]) && !empty ($LANG21[54])) { // save
--- 558,562 ----
$display .= COM_refresh ($_CONF['site_admin_url'] . '/block.php');
} else {
! $display .= deleteBlock ($bid);
}
} else if (($mode == $LANG21[54]) && !empty ($LANG21[54])) { // save
Index: event.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/admin/event.php,v
retrieving revision 1.39
retrieving revision 1.39.2.1
diff -C2 -d -r1.39 -r1.39.2.1
*** event.php 19 Jun 2003 20:01:41 -0000 1.39
--- event.php 18 Jan 2004 19:58:01 -0000 1.39.2.1
***************
*** 9,13 ****
// | Geeklog event administration page. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2003 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony at tonybibbs.com |
--- 9,13 ----
// | Geeklog event administration page. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2004 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony at tonybibbs.com |
***************
*** 515,518 ****
--- 515,519 ----
}
}
+
/**
* lists all the events in the system
***************
*** 569,572 ****
--- 570,596 ----
}
+ /**
+ * Delete an event
+ *
+ */
+ function deleteEvent ($eid)
+ {
+ global $_CONF, $_TABLES, $_USER;
+
+ $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['events']} WHERE eid = '$eid'");
+ $A = DB_fetchArray ($result);
+ $access = SEC_hasAccess ($A['owner_id'], $A['group_id'], $A['perm_owner'],
+ $A['perm_group'], $A['perm_members'], $A['perm_anon']);
+ if ($access < 3) {
+ COM_accessLog ("User {$_USER['username']} tried to illegally delete event $eid.");
+ return COM_refresh ($_CONF['site_admin_url'] . '/event.php');
+ }
+
+ DB_delete ($_TABLES['events'], 'eid', $eid);
+ DB_delete ($_TABLES['personal_events'], 'eid', $eid);
+
+ return COM_refresh ($_CONF['site_admin_url'] . '/event.php?msg=18');
+ }
+
// MAIN
***************
*** 576,582 ****
$display .= COM_refresh ($_CONF['site_admin_url'] . '/event.php');
} else {
! DB_delete($_TABLES['events'],'eid',$eid);
! DB_delete($_TABLES['personal_events'],'eid',$eid);
! $display = COM_refresh ($_CONF['site_admin_url'] . '/event.php?msg=18');
}
} else if (($mode == $LANG22[20]) && !empty ($LANG22[20])) { // save
--- 600,604 ----
$display .= COM_refresh ($_CONF['site_admin_url'] . '/event.php');
} else {
! $display .= deleteEvent ($eid);
}
} else if (($mode == $LANG22[20]) && !empty ($LANG22[20])) { // save
Index: group.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/admin/group.php,v
retrieving revision 1.28
retrieving revision 1.28.2.1
diff -C2 -d -r1.28 -r1.28.2.1
*** group.php 28 Jun 2003 11:24:45 -0000 1.28
--- group.php 18 Jan 2004 19:58:01 -0000 1.28.2.1
***************
*** 9,13 ****
// | Geeklog group administration page. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2003 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony at tonybibbs.com |
--- 9,13 ----
// | Geeklog group administration page. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2004 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony at tonybibbs.com |
***************
*** 580,583 ****
--- 580,605 ----
}
+ /**
+ * Delete a group
+ *
+ */
+ function deleteGroup ($grp_id)
+ {
+ global $_CONF, $_TABLES, $_USER;
+
+ if (!SEC_inGroup ('Root') && (DB_getItem ($_TABLES['groups'], 'grp_name',
+ "grp_id = $grp_id") == 'Root')) {
+ COM_accessLog ("User {$_USER['username']} tried to delete the Root group with insufficient privileges.");
+ return COM_refresh ($_CONF['site_admin_url'] . '/group.php');
+ }
+
+ DB_delete ($_TABLES['access'], 'acc_grp_id', $grp_id);
+ DB_delete ($_TABLES['group_assignments'], 'ug_grp_id', $grp_id);
+ DB_delete ($_TABLES['group_assignments'], 'ug_main_grp_id', $grp_id);
+ DB_delete ($_TABLES['groups'], 'grp_id', $grp_id);
+
+ return COM_refresh ($_CONF['site_admin_url'] . '/group.php?msg=50');
+ }
+
// MAIN
if (($mode == $LANG_ACCESS['delete']) && !empty ($LANG_ACCESS['delete'])) {
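Review bot: `$grp_id` is interpolated unquoted into the `"grp_id = $grp_id"` condition of the `DB_getItem` call, so anything other than a plain number changes the query; since the value is evidently numeric, normalising it first with `$grp_id = (int) $grp_id;` at the top of `deleteGroup` would make the lookup and the four `DB_delete` calls robust to malformed input. Note also that, unlike the sibling `deleteBlock`/`deleteEvent`/`deleteLink`/`deletePoll`/`deleteTopic` functions, the only authorisation added here is the Root-group guard; deleting any other group stays as unrestricted as before, which may be intended if groups carry no owner/permission columns, but is worth stating in the docblock, e.g. `Only the Root group is protected; callers must already have group admin rights.`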
***************
*** 586,592 ****
$display .= COM_refresh ($_CONF['site_admin_url'] . '/group.php');
} else {
! DB_delete($_TABLES['access'],'acc_grp_id',$grp_id);
! DB_delete($_TABLES['groups'],'grp_id',$grp_id);
! $display = COM_refresh($_CONF['site_admin_url'] . '/group.php?msg=50');
}
} else if (($mode == $LANG_ACCESS['save']) && !empty ($LANG_ACCESS['save'])) {
--- 608,612 ----
$display .= COM_refresh ($_CONF['site_admin_url'] . '/group.php');
} else {
! $display .= deleteGroup ($grp_id);
}
} else if (($mode == $LANG_ACCESS['save']) && !empty ($LANG_ACCESS['save'])) {
Index: link.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/admin/link.php,v
retrieving revision 1.34
retrieving revision 1.34.2.1
diff -C2 -d -r1.34 -r1.34.2.1
*** link.php 21 Jun 2003 08:57:13 -0000 1.34
--- link.php 18 Jan 2004 19:58:01 -0000 1.34.2.1
***************
*** 9,13 ****
// | Geeklog links administration page. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000,2001 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony at tonybibbs.com |
--- 9,13 ----
// | Geeklog links administration page. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2004 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony at tonybibbs.com |
***************
*** 320,325 ****
}
! // MAIN
if (($mode == $LANG23[23]) && !empty ($LANG23[23])) { // delete
if (!isset ($lid) || empty ($lid) || ($lid == 0)) {
--- 320,346 ----
}
! /**
! * Delete a link
! *
! */
! function deleteLink ($lid)
! {
! global $_CONF, $_TABLES, $_USER;
+ $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid ='$lid'");
+ $A = DB_fetchArray ($result);
+ $access = SEC_hasAccess ($A['owner_id'], $A['group_id'], $A['perm_owner'],
+ $A['perm_group'], $A['perm_members'], $A['perm_anon']);
+ if ($access < 3) {
+ COM_accessLog ("User {$_USER['username']} tried to illegally delete link $lid.");
+ return COM_refresh ($_CONF['site_admin_url'] . '/link.php');
+ }
+
+ DB_delete ($_TABLES['links'], 'lid', $lid);
+
+ return COM_refresh ($_CONF['site_admin_url'] . '/link.php?msg=16');
+ }
+
+ // MAIN
if (($mode == $LANG23[23]) && !empty ($LANG23[23])) { // delete
if (!isset ($lid) || empty ($lid) || ($lid == 0)) {
***************
*** 327,331 ****
$display .= COM_refresh ($_CONF['site_admin_url'] . '/link.php');
} else {
! DB_delete($_TABLES['links'],'lid',$lid,$_CONF['site_admin_url'] . '/link.php?msg=16');
}
} else if (($mode == $LANG23[21]) && !empty ($LANG23[21])) { // save
--- 348,352 ----
$display .= COM_refresh ($_CONF['site_admin_url'] . '/link.php');
} else {
! $display .= deleteLink ($lid);
}
} else if (($mode == $LANG23[21]) && !empty ($LANG23[21])) { // save
Index: poll.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/admin/poll.php,v
retrieving revision 1.33
retrieving revision 1.33.2.1
diff -C2 -d -r1.33 -r1.33.2.1
*** poll.php 14 Jul 2003 17:02:42 -0000 1.33
--- poll.php 18 Jan 2004 19:58:01 -0000 1.33.2.1
***************
*** 9,13 ****
// | Geeklog poll administration page |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2003 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony at tonybibbs.com |
--- 9,13 ----
// | Geeklog poll administration page |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2004 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony at tonybibbs.com |
***************
*** 369,372 ****
--- 369,395 ----
}
+ /**
+ * Delete a poll
+ *
+ */
+ function deletePoll ($qid)
+ {
+ global $_CONF, $_TABLES, $_USER;
+
+ $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['pollquestions']} WHERE qid = '$qid'");
+ $Q = DB_fetchArray ($result);
+ $access = SEC_hasAccess ($Q['owner_id'], $Q['group_id'], $Q['perm_owner'],
+ $Q['perm_group'], $Q['perm_members'], $Q['perm_anon']);
+ if ($access < 3) {
+ COM_accessLog ("User {$_USER['username']} tried to illegally delete poll $qid.");
+ return COM_refresh ($_CONF['site_admin_url'] . '/poll.php');
+ }
+
+ DB_delete ($_TABLES['pollquestions'], 'qid', $qid);
+ DB_delete ($_TABLES['pollanswers'], 'qid', $qid);
+
+ return COM_refresh ($_CONF['site_admin_url'] . '/poll.php?msg=20');
+ }
+
// MAIN
***************
*** 400,406 ****
$display .= COM_refresh ($_CONF['site_admin_url'] . '/poll.php');
} else {
! DB_delete($_TABLES['pollquestions'],'qid',$qid);
! DB_delete($_TABLES['pollanswers'],'qid',$qid);
! $display .= COM_refresh($_CONF['site_admin_url'] . '/poll.php?msg=20');
}
} else { // 'cancel' or no mode at all
--- 423,427 ----
$display .= COM_refresh ($_CONF['site_admin_url'] . '/poll.php');
} else {
! $display .= deletePoll ($qid);
}
} else { // 'cancel' or no mode at all
Index: story.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/admin/story.php,v
retrieving revision 1.99
retrieving revision 1.99.2.1
diff -C2 -d -r1.99 -r1.99.2.1
*** story.php 25 Jul 2003 10:08:55 -0000 1.99
--- story.php 18 Jan 2004 19:58:01 -0000 1.99.2.1
***************
*** 933,937 ****
function deletestory ($sid)
{
! global $_TABLES, $_CONF;
$result = DB_query ("SELECT ai_filename FROM {$_TABLES['article_images']} WHERE ai_sid = '$sid'");
--- 933,947 ----
function deletestory ($sid)
{
! global $_CONF, $_TABLES, $_USER;
!
! $result = DB_query ("SELECT tid,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '$sid'");
! $A = DB_fetchArray ($result);
! $access = SEC_hasAccess ($A['owner_id'], $A['group_id'], $A['perm_owner'],
! $A['perm_group'], $A['perm_members'], $A['perm_anon']);
! $access = min ($access, SEC_hasTopicAccess ($A['tid']));
! if ($access < 3) {
! COM_accessLog ("User {$_USER['username']} tried to illegally delete story $sid.");
! return COM_refresh ($_CONF['site_admin_url'] . '/story.php');
! }
$result = DB_query ("SELECT ai_filename FROM {$_TABLES['article_images']} WHERE ai_sid = '$sid'");
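Review bot: The topic-access helper is called under two different names in this commit: `SEC_hasTopicAccess ($A['tid'])` here, `hasTopicAccess ($tid)` in the submission hunk further down in story.php, and `hasBlockTopicAccess` in block.php; if only one of the first two is defined, the other branch is a fatal error at runtime, so this is worth confirming and unifying. `deletestory` starts in this hunk but its body continues past it. The unescaped `$sid` in the new SELECT and the unchecked `DB_fetchArray` result are the same issues noted on block.php's `deleteBlock`.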
***************
*** 976,981 ****
echo COM_refresh ($_CONF['site_admin_url'] . '/story.php');
} else if ($type == 'submission') {
! DB_delete ($_TABLES['storysubmission'], 'sid', $sid,
! $_CONF['site_admin_url'] . '/moderation.php');
} else {
echo deletestory ($sid);
--- 986,997 ----
echo COM_refresh ($_CONF['site_admin_url'] . '/story.php');
} else if ($type == 'submission') {
! $tid = DB_getItem ($_TABLES['storysubmission'], 'tid', "sid = '$sid'");
! if (hasTopicAccess ($tid) < 3) {
! COM_accessLog ("User {$_USER['username']} tried to illegally delete story submission $sid.");
! return COM_refresh ($_CONF['site_admin_url'] . '/index.php');
! } else {
! DB_delete ($_TABLES['storysubmission'], 'sid', $sid,
! $_CONF['site_admin_url'] . '/moderation.php');
! }
} else {
echo deletestory ($sid);
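Review bot: The denial branch uses `return COM_refresh (...)` while its neighbours at the same level use `echo COM_refresh (...)`; if this is the MAIN section, as the surrounding `echo` calls suggest, a file-scope `return` ends the script without emitting the refresh markup, so the user would see a blank page rather than be redirected. Changing it to `echo COM_refresh ($_CONF['site_admin_url'] . '/index.php');` keeps the access-log entry and matches the sibling branch. The `$sid` embedded in the new `DB_getItem` condition has the same escaping concern noted on `deleteBlock` in block.php.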
Index: topic.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/admin/topic.php,v
retrieving revision 1.37
retrieving revision 1.37.2.1
diff -C2 -d -r1.37 -r1.37.2.1
*** topic.php 28 Jun 2003 11:29:03 -0000 1.37
--- topic.php 18 Jan 2004 19:58:01 -0000 1.37.2.1
***************
*** 9,13 ****
// | Geeklog topic administration page. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2003 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony at tonybibbs.com |
--- 9,13 ----
// | Geeklog topic administration page. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2004 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony at tonybibbs.com |
***************
*** 301,304 ****
--- 301,328 ----
}
+ /**
+ * Delete a topic
+ *
+ */
+ function deleteTopic ($tid)
+ {
+ global $_CONF, $_TABLES, $_USER;
+
+ $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid ='$tid'"); $A = DB_fetchArray ($result);
+ $access = SEC_hasAccess ($A['owner_id'], $A['group_id'], $A['perm_owner'],
+ $A['perm_group'], $A['perm_members'], $A['perm_anon']);
+ if ($access < 3) {
+ COM_accessLog ("User {$_USER['username']} tried to illegally delete topic $tid.");
+ return COM_refresh ($_CONF['site_admin_url'] . '/topic.php');
+ }
+
+ DB_delete ($_TABLES['stories'], 'tid', $tid);
+ DB_delete ($_TABLES['storysubmission'], 'tid', $tid);
+ DB_delete ($_TABLES['blocks'], 'tid', $tid);
+ DB_delete ($_TABLES['topics'], 'tid', $tid);
+
+ return COM_refresh ($_CONF['site_admin_url'] . '/topic.php?msg=14');
+ }
+
###############################################################################
# MAIN
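Review bot: The new access check covers only the topic row, yet the four `DB_delete` calls that follow remove every story, story submission and block in that topic, so per-object permissions that `deletestory` and `deleteBlock` enforce elsewhere in this commit are bypassed on this path; if that cascade is intended for topic admins, a comment such as `// NOTE: deleting a topic removes its stories and blocks without per-item permission checks` would make the decision explicit. Separately, stories are deleted straight from the table here, whereas `deletestory` in story.php also handles the `article_images` rows for the story, so image records (and presumably their files) stay orphaned after a topic delete; this predates the commit but is now concentrated in one function where it could be addressed by calling the story-level routine per story, or by deleting the matching `article_images` rows. The unescaped `$tid` in the SELECT and the unchecked `DB_fetchArray` result are the same issues noted on `deleteBlock`.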
***************
*** 310,317 ****
$display .= COM_refresh ($_CONF['site_admin_url'] . '/topic.php');
} else {
! DB_delete($_TABLES['stories'],'tid',$tid);
! DB_delete($_TABLES['storysubmission'],'tid',$tid);
! DB_delete($_TABLES['blocks'],'tid',$tid);
! DB_delete($_TABLES['topics'],'tid',$tid,$_CONF['site_admin_url'] . '/topic.php?msg=14');
}
} else if (($mode == $LANG27[19]) && !empty ($LANG27[19])) { // save
--- 334,338 ----
$display .= COM_refresh ($_CONF['site_admin_url'] . '/topic.php');
} else {
! $display .= deleteTopic ($tid);
}
} else if (($mode == $LANG27[19]) && !empty ($LANG27[19])) { // save