[geeklog-cvs] Geeklog-1.x/public_html/admin/plugins/links category.php, 1.10, 1.11
Dirk Haun
dhaun at qs1489.pair.com
Sun Dec 30 11:27:53 EST 2007
Update of /cvsroot/geeklog/Geeklog-1.x/public_html/admin/plugins/links
In directory qs1489.pair.com:/tmp/cvs-serv93859/public_html/admin/plugins/links
Modified Files:
category.php
Log Message:
Added a check for empty category names and description. More source code cosmetics.
Index: category.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/admin/plugins/links/category.php,v
retrieving revision 1.10
retrieving revision 1.11
diff -C2 -d -r1.10 -r1.11
*** category.php 30 Dec 2007 10:13:20 -0000 1.10
--- category.php 30 Dec 2007 16:27:51 -0000 1.11
***************
*** 153,157 ****
// Returns form to create a new category or edit an existing one
! function links_edit_category ($cid,$pid)
{
global $_CONF, $_TABLES, $_USER, $MESSAGE,
--- 153,157 ----
// Returns form to create a new category or edit an existing one
! function links_edit_category($cid, $pid)
{
global $_CONF, $_TABLES, $_USER, $MESSAGE,
***************
*** 160,172 ****
$retval = '';
! if ($pid <> '') {
// have parent id, so making a new subcategory
// get parent access rights
$result = DB_query("SELECT group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$pid}'");
$A = DB_fetchArray($result);
- $A['username'] = DB_getItem ($_TABLES['users'], 'username', "uid={$_USER['uid']}");
$A['owner_id'] = $_USER['uid'];
$A['pid'] = $pid;
! } elseif ($cid <> '') {
// have category id, so editing a category
$sql = "SELECT * FROM {$_TABLES['linkcategories']} WHERE cid='{$cid}'"
--- 160,171 ----
$retval = '';
! if (!empty($pid)) {
// have parent id, so making a new subcategory
// get parent access rights
$result = DB_query("SELECT group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$pid}'");
$A = DB_fetchArray($result);
$A['owner_id'] = $_USER['uid'];
$A['pid'] = $pid;
! } elseif (!empty($cid)) {
// have category id, so editing a category
$sql = "SELECT * FROM {$_TABLES['linkcategories']} WHERE cid='{$cid}'"
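Review bot: `$pid` is still interpolated unescaped into the `WHERE cid='{$pid}'` clause of the DB_query call in the subcategory branch, and `$cid` into the `$sql` string on the hunk's last line; the new `!empty()` guards only reject absent values, not ones containing quote characters. Both ids presumably come from the category form's request parameters (the caller is outside this hunk), so they should be escaped the way links_save_category already treats `$category`, e.g. `$pid = addslashes($pid);` and `$cid = addslashes($cid);` before the first query. The same pattern appears on the new side of the later hunks in links_save_category: the `DB_getItem(..., "cid='{$pid}'")` orphan check and the two `WHERE cid='{$old_cid}'` / `WHERE cid='{$cid}'` access lookups. The body of links_edit_category continues outside the hunk.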
***************
*** 174,201 ****
$result = DB_query($sql);
$A = DB_fetchArray($result);
- $A['username'] = DB_getItem ($_TABLES['users'], 'username', "uid={$A['owner_id']}");
} else {
// nothing, so making a new top-level category
// get default access rights
! $A['group_id'] = DB_getItem ($_TABLES['groups'], 'grp_id', "grp_name='Links Admin'");
! SEC_setDefaultPermissions ($A, $_LI_CONF['default_permissions']);
! $A['username'] = DB_getItem ($_TABLES['users'], 'username', "uid={$_USER['uid']}");
! $A['owner_id'] = $_USER['uid'];
! $A['pid'] = $_LI_CONF['root'];
}
! $access = SEC_hasAccess ($A['owner_id'], $A['group_id'], $A['perm_owner'],
! $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access < 3) {
! return $LANG_LINKS_ADMIN[60];
}
! $retval .= COM_startBlock ($LANG_LINKS_ADMIN[56], '', COM_getBlockTemplate ('_admin_block', 'header'));
$T = new Template($_CONF['path'] . 'plugins/links/templates/admin');
! $T->set_file(array('page'=>'categoryeditor.thtml'));
! $T->set_var( 'xhtml', XHTML );
$T->set_var('site_url', $_CONF['site_url']);
$T->set_var('site_admin_url', $_CONF['site_admin_url']);
--- 173,199 ----
$result = DB_query($sql);
$A = DB_fetchArray($result);
} else {
// nothing, so making a new top-level category
// get default access rights
! $A['group_id'] = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='Links Admin'");
! SEC_setDefaultPermissions($A, $_LI_CONF['default_permissions']);
! $A['owner_id'] = $_USER['uid'];
! $A['pid'] = $_LI_CONF['root'];
}
! $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'],
! $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access < 3) {
! return COM_showMessage(6, 'links');
}
! $retval .= COM_startBlock($LANG_LINKS_ADMIN[56], '',
! COM_getBlockTemplate('_admin_block', 'header'));
$T = new Template($_CONF['path'] . 'plugins/links/templates/admin');
! $T->set_file(array('page' => 'categoryeditor.thtml'));
! $T->set_var('xhtml', XHTML);
$T->set_var('site_url', $_CONF['site_url']);
$T->set_var('site_admin_url', $_CONF['site_admin_url']);
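Review bot: The access-denied branch of links_edit_category now returns `COM_showMessage(6, 'links')` but, unlike the matching branch in links_save_category changed in this same commit, writes nothing to the access log, so an attempt to open the editor for a category the user may not edit leaves no trace. Adding `COM_accessLog(sprintf($LANG_LINKS_ADMIN[60], $_USER['username'], $cid));` before the return would keep the two paths consistent (for a new subcategory `$pid` is presumably the id of interest rather than `$cid`). Separately, in the top-level-category branch `$A` is assigned element by element without ever being initialised; `$A = array();` at the start of that branch makes the intent explicit. The function's body continues outside the hunk.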
***************
*** 215,218 ****
--- 213,217 ----
$T->set_var('lang_parent', $LANG_LINKS_ADMIN[34]);
$T->set_var('lang_save', $LANG_ADMIN['save']);
+
if (!empty($cid)) {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete']
***************
*** 226,247 ****
$T->set_var('lang_cancel', $LANG_ADMIN['cancel']);
! if ($cid <> '') {
$T->set_var('cid_value', $A['cid']);
$T->set_var('old_cid_value', $A['cid']);
! //$T->set_var('title_id', $A['title_id']);
! //$T->set_var('desc_id', $A['desc_id']);
! $T->set_var('category_options', links_select_box (3,$A['pid']));
$T->set_var('category_value', $A['category']);
$T->set_var('description_value', $A['description']);
! //$T->set_var('icon_value', $A['icon']);
! $T->set_var('topic_list', COM_topicList ('tid,topic', $A['tid'],1,true));
} else {
! $A['cid'] = COM_makeSID ();
$T->set_var('cid_value', $A['cid']);
! $T->set_var('category_options', links_select_box (3,$A['pid']));
$T->set_var('category_value', '');
$T->set_var('description_value', '');
! $T->set_var('icon_value', '');
! $T->set_var('topic_list', COM_topicList ('tid,topic','',1,true));
}
--- 225,244 ----
$T->set_var('lang_cancel', $LANG_ADMIN['cancel']);
! if (!empty($cid)) {
$T->set_var('cid_value', $A['cid']);
$T->set_var('old_cid_value', $A['cid']);
! $T->set_var('category_options', links_select_box(3, $A['pid']));
$T->set_var('category_value', $A['category']);
$T->set_var('description_value', $A['description']);
! $T->set_var('topic_list',
! COM_topicList('tid,topic', $A['tid'], 1, true));
} else {
! $A['cid'] = COM_makeSid();
$T->set_var('cid_value', $A['cid']);
! $T->set_var('old_cid_value', '');
! $T->set_var('category_options', links_select_box(3, $A['pid']));
$T->set_var('category_value', '');
$T->set_var('description_value', '');
! $T->set_var('topic_list', COM_topicList('tid,topic', '', 1, true));
}
***************
*** 249,264 ****
$T->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$T->set_var('lang_owner', $LANG_ACCESS['owner']);
! $T->set_var('owner_name', COM_getDisplayName ($A['owner_id']));
$T->set_var('cat_ownerid', $A['owner_id']);
$T->set_var('lang_group', $LANG_ACCESS['group']);
! $T->set_var('group_dropdown', SEC_getGroupDropdown ($A['group_id'], $access));
$T->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$T->set_var('lang_permissionskey', $LANG_ACCESS['permissionskey']);
! $T->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']));
$T->set_var('lang_lockmsg', $LANG_ACCESS['permmsg']);
! $T->parse('output','page');
$retval .= $T->finish($T->get_var('output'));
! $retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'));
return $retval;
--- 246,262 ----
$T->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$T->set_var('lang_owner', $LANG_ACCESS['owner']);
! $T->set_var('owner_name', COM_getDisplayName($A['owner_id']));
$T->set_var('cat_ownerid', $A['owner_id']);
$T->set_var('lang_group', $LANG_ACCESS['group']);
! $T->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
$T->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$T->set_var('lang_permissionskey', $LANG_ACCESS['permissionskey']);
! $T->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'],
! $A['perm_group'], $A['perm_members'], $A['perm_anon']));
$T->set_var('lang_lockmsg', $LANG_ACCESS['permmsg']);
! $T->parse('output', 'page');
$retval .= $T->finish($T->get_var('output'));
! $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
return $retval;
***************
*** 286,300 ****
$category = addslashes (COM_checkHTML (COM_checkWords ($category)));
// Check cid to make sure not illegal
if (($cid == $_LI_CONF['root']) || ($cid == 'user')) {
return 11;
}
! // check that they didn't delete the cid. If so, get the hidden one
if (empty($cid) && !empty($old_cid)) {
$cid = $old_cid;
}
! // Make sure they aren't making a parent category child of one of it's own children
! // This would create orphans
! if ($cid==DB_getItem($_TABLES['linkcategories'], 'pid',"cid='{$pid}'")) {
return 12;
}
--- 284,304 ----
$category = addslashes (COM_checkHTML (COM_checkWords ($category)));
+ if (empty($category) || empty($description)) {
+ return 7;
+ }
+
// Check cid to make sure not illegal
if (($cid == $_LI_CONF['root']) || ($cid == 'user')) {
return 11;
}
!
! // Check that they didn't delete the cid. If so, get the hidden one
if (empty($cid) && !empty($old_cid)) {
$cid = $old_cid;
}
!
! // Make sure they aren't making a parent category child of one of it's own
! // children. This would create orphans
! if ($cid == DB_getItem($_TABLES['linkcategories'], 'pid',"cid='{$pid}'")) {
return 12;
}
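Review bot: The new emptiness check on `$category` and `$description` lets whitespace-only values through, and `empty()` also rejects the legitimate name `0`; a trimmed comparison is more precise, `if (trim($category) === '' || trim($description) === '') {`. Placing the check after the addslashes/COM_checkHTML step is right, since a name consisting only of stripped tags is then caught, but whether `$description` has gone through the same COM_checkHTML/COM_checkWords filtering is not visible here — links_save_category starts outside the hunk — and is worth confirming. The bare return codes 7, 11 and 12 would read better with a comment naming the message each maps to, as the final `return 10; // success message` hunk does.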
***************
*** 303,309 ****
if (DB_count ($_TABLES['linkcategories'], 'cid', $old_cid) > 0) {
// update existing item, but new cid so get access from database with old cid
! $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,
! perm_members,perm_anon FROM {$_TABLES['linkcategories']}
! WHERE cid='{$old_cid}'");
$A = DB_fetchArray ($result);
$access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],
--- 307,311 ----
if (DB_count ($_TABLES['linkcategories'], 'cid', $old_cid) > 0) {
// update existing item, but new cid so get access from database with old cid
! $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$old_cid}'");
$A = DB_fetchArray ($result);
$access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],
***************
*** 313,319 ****
} else if (DB_count ($_TABLES['linkcategories'], 'cid', $cid) > 0) {
// update existing item, same cid, so get access from database with existing cid
! $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,
! perm_members,perm_anon FROM {$_TABLES['linkcategories']}
! WHERE cid='{$cid}'");
$A = DB_fetchArray ($result);
$access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],
--- 315,319 ----
} else if (DB_count ($_TABLES['linkcategories'], 'cid', $cid) > 0) {
// update existing item, same cid, so get access from database with existing cid
! $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group, perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$cid}'");
$A = DB_fetchArray ($result);
$access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],
***************
*** 331,343 ****
if ($access < 3) {
// no access rights: user should not be here
! $display .= COM_siteHeader ('menu');
! $display .= COM_startBlock ($LANG_LINKS[14], '',
! COM_getBlockTemplate ('_msg_block', 'header'));
! $display .= $LANG_LINKS_ADMIN[60];
! $display .= COM_endBlock(COM_getBlockTemplate ('_msg_block', 'footer'));
! $display .= COM_siteFooter ();
! COM_accessLog(sprintf($LANG_LINKS_ADMIN[61], $_USER['username'], $cid));
! echo $display;
! exit;
} else {
// save item
--- 331,336 ----
if ($access < 3) {
// no access rights: user should not be here
! COM_accessLog(sprintf($LANG_LINKS_ADMIN[60], $_USER['username'], $cid));
! return 6;
} else {
// save item
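Review bot: The access-log call now uses `$LANG_LINKS_ADMIN[60]` as its sprintf format, whereas the removed code used `[60]` as the user-facing denial text and `[61]` as the log format taking the username and cid. Unless the language file was renumbered in the same commit (not shown here), the two sprintf arguments are silently dropped and the log entry no longer records who attempted what; `COM_accessLog(sprintf($LANG_LINKS_ADMIN[61], $_USER['username'], $cid));` would keep the previous semantics. Returning 6 instead of echoing and exiting relies on every caller to render the denial via COM_showMessage, which the rest of this function's return codes already assume.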
***************
*** 373,377 ****
// insert a new item
if (empty($cid)) {
! $cid = COM_makesid();
}
$sql = "INSERT INTO {$_TABLES['linkcategories']}
--- 366,370 ----
// insert a new item
if (empty($cid)) {
! $cid = COM_makeSid();
}
$sql = "INSERT INTO {$_TABLES['linkcategories']}
***************
*** 390,394 ****
}
! return 10;
}
--- 383,387 ----
}
! return 10; // success message
}