[geeklog-cvs] geeklog-1.3/public_html/admin group.php,1.36,1.37
dhaun at iowaoutdoors.org
dhaun at iowaoutdoors.org
Sat Jul 24 14:26:35 EDT 2004
Update of /var/cvs/geeklog-1.3/public_html/admin
In directory www:/tmp/cvs-serv18825
Modified Files:
group.php
Log Message:
Added parameter filtering.
Index: group.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/admin/group.php,v
retrieving revision 1.36
retrieving revision 1.37
diff -C2 -d -r1.36 -r1.37
*** group.php 29 Feb 2004 18:45:13 -0000 1.36
--- group.php 24 Jul 2004 18:26:32 -0000 1.37
***************
*** 45,54 ****
* Geeklog common function library
*/
! require_once('../lib-common.php');
/**
* Verifies that current user even has access to the page to this point
*/
! require_once('auth.inc.php');
// Uncomment the line below if you need to debug the HTTP variables being passed
--- 45,54 ----
* Geeklog common function library
*/
! require_once ('../lib-common.php');
/**
* Verifies that current user even has access to the page to this point
*/
! require_once ('auth.inc.php');
// Uncomment the line below if you need to debug the HTTP variables being passed
***************
*** 60,64 ****
// Make sure user has rights to access this page
! if (!SEC_hasRights('group.edit')) {
$display .= COM_siteHeader ('menu');
$display .= COM_startBlock ($MESSAGE[30], '',
--- 60,64 ----
// Make sure user has rights to access this page
! if (!SEC_hasRights ('group.edit')) {
$display .= COM_siteHeader ('menu');
$display .= COM_startBlock ($MESSAGE[30], '',
***************
*** 67,71 ****
$display .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
$display .= COM_siteFooter ();
! COM_accessLog("User {$_USER['username']} tried to illegally access the group administration screen.");
echo $display;
exit;
--- 67,71 ----
$display .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
$display .= COM_siteFooter ();
! COM_accessLog ("User {$_USER['username']} tried to illegally access the group administration screen.");
echo $display;
exit;
***************
*** 314,318 ****
// instead, be removed from that group directly
$indirectfeatures = getIndirectFeatures ($grp_id);
! $indirectfeatures = explode(',',$indirectfeatures);
// Build an array of indirect features
--- 314,318 ----
// instead, be removed from that group directly
$indirectfeatures = getIndirectFeatures ($grp_id);
! $indirectfeatures = explode (',', $indirectfeatures);
// Build an array of indirect features
***************
*** 330,334 ****
// Now merge the two arrays
! $grpftarray = array_merge($grpftarray,$grpftarray1);
if ($VERBOSE) {
// this is for debugging purposes
--- 330,334 ----
// Now merge the two arrays
! $grpftarray = array_merge ($grpftarray, $grpftarray1);
if ($VERBOSE) {
// this is for debugging purposes
***************
*** 384,395 ****
* @param array $features Features the group has access to
* @param array $groups Groups this group will belong to
! * @return string Either empty string on success (cause of refresh) or HTML for some sort of error
*
*/
! function savegroup($grp_id,$grp_name,$grp_descr,$grp_gl_core,$features,$groups)
{
global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $VERBOSE;
! if (!empty($grp_name) && !empty($grp_descr)) {
$GroupAdminGroups = SEC_getUserGroups ();
if (!empty ($grp_id) && ($grp_id > 0) &&
--- 384,395 ----
* @param array $features Features the group has access to
* @param array $groups Groups this group will belong to
! * @return string HTML refresh or error message
*
*/
! function savegroup ($grp_id, $grp_name, $grp_descr, $grp_gl_core, $features, $groups)
{
global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $VERBOSE;
! if (!empty ($grp_name) && !empty ($grp_descr)) {
$GroupAdminGroups = SEC_getUserGroups ();
if (!empty ($grp_id) && ($grp_id > 0) &&
***************
*** 401,405 ****
if ($grp_gl_core == 1 AND !is_array ($features)) {
! COM_errorLog("Sorry, no valid features were passed to this core group ($grp_id) and saving could cause problem...bailing.");
return COM_refresh ($_CONF['site_admin_url'] . '/group.php');
--- 401,405 ----
if ($grp_gl_core == 1 AND !is_array ($features)) {
! COM_errorLog ("Sorry, no valid features were passed to this core group ($grp_id) and saving could cause problem...bailing.");
return COM_refresh ($_CONF['site_admin_url'] . '/group.php');
***************
*** 645,649 ****
}
! function grp_selectUsers($group_id = "0", $allusers=false)
{
global $_TABLES, $_USER;
--- 645,649 ----
}
! function grp_selectUsers ($group_id = '0', $allusers = false)
{
global $_TABLES, $_USER;
***************
*** 667,677 ****
}
}
return $retval;
}
! function editusers($group)
{
! global $_CONF, $_TABLES, $LANG_ACCESS;
$thisUsersGroups = SEC_getUserGroups ();
--- 667,678 ----
}
}
+
return $retval;
}
! function editusers ($group)
{
! global $_CONF, $_TABLES, $_USER, $LANG_ACCESS;
$thisUsersGroups = SEC_getUserGroups ();
***************
*** 710,718 ****
$retval .= $groupmembers->finish($groupmembers->get_var('output'));
$retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'));
- Return $retval;
}
! function savegroupusers($groupid,$groupmembers)
{
global $_CONF, $_TABLES;
--- 711,719 ----
$retval .= $groupmembers->finish($groupmembers->get_var('output'));
$retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'));
+ return $retval;
}
! function savegroupusers ($groupid, $groupmembers)
{
global $_CONF, $_TABLES;
***************
*** 731,734 ****
--- 732,738 ----
* Delete a group
*
+ * @param int $grp_id id of group to delete
+ * @return string HTML redirect
+ *
*/
function deleteGroup ($grp_id)
***************
*** 759,763 ****
--- 763,776 ----
// MAIN
+ $http_input_vars = array();
+ if (count ($HTTP_POST_VARS) == 0) {
+ $http_input_vars = $HTTP_GET_VARS;
+ } else {
+ $http_input_vars = $HTTP_POST_VARS;
+ }
+ $mode = $http_input_vars['mode'];
+
if (($mode == $LANG_ACCESS['delete']) && !empty ($LANG_ACCESS['delete'])) {
+ $grp_id = COM_applyFilter ($http_input_vars['grp_id'], true);
if (!isset ($grp_id) || empty ($grp_id) || ($grp_id == 0)) {
COM_errorLog ('Attempted to delete group grp_id=' . $grp_id);
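Review bot: The delete branch reads `mode` and `grp_id` from `$http_input_vars`, which falls back to `$HTTP_GET_VARS` whenever the POST array is empty, so this state-changing action can be driven by a plain query string; no request-method or token check is visible in the hunk. Reading the delete parameters from POST only would narrow that, e.g. `$grp_id = COM_applyFilter ($HTTP_POST_VARS['grp_id'], true);`, with any further origin check left to code outside this view. `$mode = $http_input_vars['mode'];` also indexes a key that is absent on a bare page load; `$mode = isset ($http_input_vars['mode']) ? $http_input_vars['mode'] : '';` avoids the notice. The `!isset ($grp_id)` test on the following line can no longer be true now that `$grp_id` is always assigned just above it. The body of this `if` continues outside the hunk.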
***************
*** 767,793 ****
}
} else if (($mode == $LANG_ACCESS['save']) && !empty ($LANG_ACCESS['save'])) {
! $display .= savegroup($grp_id,$grp_name,$grp_descr,$grp_gl_core,$features,
! $HTTP_POST_VARS[$_TABLES['groups']]);
} else if ($mode == 'savegroupusers') {
! $display .= savegroupusers($grp_id, $HTTP_POST_VARS['groupmembers']);
} else if ($mode == 'edit') {
! $display .= COM_siteHeader('menu');
! $display .= editgroup($grp_id);
! $display .= COM_siteFooter();
} else if ($mode == 'listusers') {
$display .= COM_siteHeader ('menu');
$display .= listusers ($grp_id, $page);
$display .= COM_siteFooter ();
} else if ($mode == 'editusers') {
$display .= COM_siteHeader ('menu');
$display .= editusers ($grp_id, $page);
$display .= COM_siteFooter ();
} else { // 'cancel' or no mode at all
! $display .= COM_siteHeader('menu');
! if (isset ($msg)) {
! $display .= COM_showMessage($msg);
}
! $display .= listgroups();
! $display .= COM_siteFooter();
}
--- 780,816 ----
}
} else if (($mode == $LANG_ACCESS['save']) && !empty ($LANG_ACCESS['save'])) {
! $display .= savegroup ($HTTP_POST_VARS['grp_id'],
! $HTTP_POST_VARS['grp_name'],
! $HTTP_POST_VARS['grp_descr'],
! $HTTP_POST_VARS['grp_gl_core'],
! $HTTP_POST_VARS['features'],
! $HTTP_POST_VARS[$_TABLES['groups']]);
} else if ($mode == 'savegroupusers') {
! $grp_id = COM_applyFilter ($http_input_vars['grp_id'], true);
! $display .= savegroupusers ($grp_id, $HTTP_POST_VARS['groupmembers']);
} else if ($mode == 'edit') {
! $grp_id = COM_applyFilter ($http_input_vars['grp_id'], true);
! $display .= COM_siteHeader ('menu');
! $display .= editgroup ($grp_id);
! $display .= COM_siteFooter ();
} else if ($mode == 'listusers') {
+ $grp_id = COM_applyFilter ($http_input_vars['grp_id'], true);
+ $page = COM_applyFilter ($http_input_vars['page'], true);
$display .= COM_siteHeader ('menu');
$display .= listusers ($grp_id, $page);
$display .= COM_siteFooter ();
} else if ($mode == 'editusers') {
+ $grp_id = COM_applyFilter ($http_input_vars['grp_id'], true);
+ $page = COM_applyFilter ($http_input_vars['page'], true);
$display .= COM_siteHeader ('menu');
$display .= editusers ($grp_id, $page);
$display .= COM_siteFooter ();
} else { // 'cancel' or no mode at all
! $display .= COM_siteHeader ('menu');
! if (isset ($http_input_vars['msg'])) {
! $display .= COM_showMessage (COM_applyFilter ($http_input_vars['msg'], true));
}
! $display .= listgroups ();
! $display .= COM_siteFooter ();
}
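Review bot: The save branch hands `$HTTP_POST_VARS['grp_id']`, `grp_name`, `grp_descr`, `grp_gl_core` and `features` to `savegroup` unfiltered, while every other branch in this hunk passes `grp_id` through `COM_applyFilter` first. Most of `savegroup`'s body is outside the diff, so whether it escapes these values before they reach a query cannot be confirmed from here; at minimum the numeric ones should be filtered at the call site, `COM_applyFilter ($HTTP_POST_VARS['grp_id'], true)` and `COM_applyFilter ($HTTP_POST_VARS['grp_gl_core'], true)`. The same question applies to `$HTTP_POST_VARS['groupmembers']` in the `savegroupusers` branch, which is passed through as-is. Separately, `editusers ($grp_id, $page)` passes two arguments, but the definition shown earlier in this diff is `editusers ($group)`, so `$page` is filtered and then ignored.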