[geeklog-cvs] geeklog: Fixed inconsistencies and various small mistakes when d...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Sun Nov 23 12:29:22 EST 2008
details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/1af9f9a87ef2
changeset: 6482:1af9f9a87ef2
user: Dirk Haun <dirk at haun-online.de>
date: Sun Nov 23 18:24:58 2008 +0100
description:
Fixed inconsistencies and various small mistakes when displaying "Access denied" messages on the admin pages
diffstat:
26 files changed, 161 insertions(+), 226 deletions(-)
language/english.php | 24 ++++++++--------
language/english_utf-8.php | 20 ++++++-------
language/german.php | 2 -
language/german_formal.php | 2 -
language/german_formal_utf-8.php | 2 -
language/german_utf-8.php | 2 -
public_html/admin/block.php | 27 +++++++-----------
public_html/admin/database.php | 33 ++++++++++-------------
public_html/admin/group.php | 15 ++++------
public_html/admin/mail.php | 15 ++++------
public_html/admin/plugins.php | 13 +++------
public_html/admin/plugins/calendar/index.php | 18 ++++--------
public_html/admin/plugins/links/category.php | 11 ++-----
public_html/admin/plugins/links/index.php | 25 ++++++-----------
public_html/admin/plugins/polls/index.php | 26 ++++++------------
public_html/admin/plugins/spamx/index.php | 18 ++++++------
public_html/admin/plugins/staticpages/index.php | 16 +++++------
public_html/admin/sectest.php | 16 +++++------
public_html/admin/story.php | 9 ++----
public_html/admin/syndication.php | 13 ++++-----
public_html/admin/topic.php | 22 ++++++---------
public_html/admin/trackback.php | 11 ++-----
public_html/admin/user.php | 11 ++-----
public_html/docs/history | 2 +
system/classes/config.class.php | 7 +---
system/lib-story.php | 27 ++++++------------
diffs (truncated from 767 to 300 lines):
diff -r daf8ec875097 -r 1af9f9a87ef2 language/english.php
--- a/language/english.php Sun Nov 23 18:02:28 2008 +0100
+++ b/language/english.php Sun Nov 23 18:24:58 2008 +0100
@@ -1134,24 +1134,24 @@
26 => '',
27 => 'Message successfully sent.',
28 => 'The plugin has been successfully saved',
- 29 => '',
+ 29 => 'Sorry, you do not have access to this administration page. Please note that all attempts to access unauthorized features are logged',
30 => 'Access Denied',
- 31 => 'Sorry, you do not have access to the story administration page. Please note that all attempts to access unauthorized features are logged',
- 32 => 'Sorry, you do not have access to the topic administration page. Please note that all attempts to access unauthorized features are logged',
- 33 => 'Sorry, you do not have access to the block administration page. Please note that all attempts to access unauthorized features are logged',
+ 31 => '',
+ 32 => '',
+ 33 => '',
34 => '',
35 => '',
36 => '',
- 37 => 'Sorry, you do not have access to the user administration page. Please note that all attempts to access unauthorized features are logged',
- 38 => 'Sorry, you do not have access to the plugin administration page. Please note that all attempts to access unauthorized features are logged',
- 39 => 'Sorry, you do not have access to the mail administration page. Please note that all attempts to access unauthorized features are logged',
+ 37 => '',
+ 38 => '',
+ 39 => '',
40 => 'System Message',
- 41 => 'Sorry, you do not have access to the word replacement page. Please note that all attempts to access unauthorized features are logged',
- 42 => 'Your word has been successfully saved.',
- 43 => 'The word has been successfully deleted.',
+ 41 => '',
+ 42 => '',
+ 43 => '',
44 => 'The plugin was successfully installed!',
45 => 'The plugin was successfully deleted.',
- 46 => 'Sorry, you do not have access to the database backup utility. Please note that all attempts to access unauthorized features are logged',
+ 46 => '',
47 => 'This functionality only works under *nix. If you are running *nix as your operating system then your cache has been successfully cleared. If you are on Windows, you will need to search for files name adodb_*.php and remove them manually.',
48 => "Thank you for applying for a membership with {$_CONF['site_name']}. Our team will review your application. If approved, your password will be emailed to you at the email address you just entered.",
49 => 'Your group has been successfully saved.',
@@ -1201,7 +1201,7 @@
93 => 'Database back up was successful.',
94 => 'Backup Failed: Filesize less than 1kb',
95 => 'There was an error.',
- 96 => 'Sorry, you do not have access to the configuration administration page. Please note that all attempts to access unauthorized features are logged.',
+ 96 => '',
97 => 'Not all required fields have been passed validation - default custom membership message',
98 => 'The plugin was successfully uploaded.',
99 => 'The plugin already exists.',
diff -r daf8ec875097 -r 1af9f9a87ef2 language/english_utf-8.php
--- a/language/english_utf-8.php Sun Nov 23 18:02:28 2008 +0100
+++ b/language/english_utf-8.php Sun Nov 23 18:24:58 2008 +0100
@@ -1134,24 +1134,24 @@
26 => '',
27 => 'Message successfully sent.',
28 => 'The plugin has been successfully saved',
- 29 => '',
+ 29 => 'Sorry, you do not have access to this administration page. Please note that all attempts to access unauthorized features are logged',
30 => 'Access Denied',
- 31 => 'Sorry, you do not have access to the story administration page. Please note that all attempts to access unauthorized features are logged',
- 32 => 'Sorry, you do not have access to the topic administration page. Please note that all attempts to access unauthorized features are logged',
- 33 => 'Sorry, you do not have access to the block administration page. Please note that all attempts to access unauthorized features are logged',
+ 31 => '',
+ 32 => '',
+ 33 => '',
34 => '',
35 => '',
36 => '',
- 37 => 'Sorry, you do not have access to the user administration page. Please note that all attempts to access unauthorized features are logged',
- 38 => 'Sorry, you do not have access to the plugin administration page. Please note that all attempts to access unauthorized features are logged',
- 39 => 'Sorry, you do not have access to the mail administration page. Please note that all attempts to access unauthorized features are logged',
+ 37 => '',
+ 38 => '',
+ 39 => '',
40 => 'System Message',
- 41 => 'Sorry, you do not have access to the word replacement page. Please note that all attempts to access unauthorized features are logged',
+ 41 => '',
42 => 'Your word has been successfully saved.',
43 => 'The word has been successfully deleted.',
44 => 'The plugin was successfully installed!',
45 => 'The plugin was successfully deleted.',
- 46 => 'Sorry, you do not have access to the database backup utility. Please note that all attempts to access unauthorized features are logged',
+ 46 => '',
47 => 'This functionality only works under *nix. If you are running *nix as your operating system then your cache has been successfully cleared. If you are on Windows, you will need to search for files name adodb_*.php and remove them manually.',
48 => "Thank you for applying for a membership with {$_CONF['site_name']}. Our team will review your application. If approved, your password will be emailed to you at the email address you just entered.",
49 => 'Your group has been successfully saved.',
@@ -1201,7 +1201,7 @@
93 => 'Database back up was successful.',
94 => 'Backup Failed: Filesize less than 1kb',
95 => 'There was an error.',
- 96 => 'Sorry, you do not have access to the configuration administration page. Please note that all attempts to access unauthorized features are logged.',
+ 96 => '',
97 => 'Not all required fields have been passed validation - default custom membership message',
98 => 'The plugin was successfully uploaded.',
99 => 'The plugin already exists.',
diff -r daf8ec875097 -r 1af9f9a87ef2 language/german.php
--- a/language/german.php Sun Nov 23 18:02:28 2008 +0100
+++ b/language/german.php Sun Nov 23 18:24:58 2008 +0100
@@ -1119,7 +1119,7 @@
26 => '',
27 => 'Nachricht wurde verschickt.',
28 => 'Das Plugin wurde gespeichert.',
- 29 => '',
+ 29 => 'Du hast keinen Zugriff auf diese Administrationsseite. Alle Versuche, auf Bereiche ohne entsprechende Berechtigung zuzugreifen, werden protokolliert.',
30 => 'Zugriff verweigert',
31 => 'Du hast keinen Zugriff auf die Artikel-Administrationsseite. Alle Versuche, auf Bereiche ohne entsprechende Berechtigung zuzugreifen, werden protokolliert.',
32 => 'Du hast keinen Zugriff auf die Kategorie-Administrationsseite. Alle Versuche, auf Bereiche ohne entsprechende Berechtigung zuzugreifen, werden protokolliert.',
diff -r daf8ec875097 -r 1af9f9a87ef2 language/german_formal.php
--- a/language/german_formal.php Sun Nov 23 18:02:28 2008 +0100
+++ b/language/german_formal.php Sun Nov 23 18:24:58 2008 +0100
@@ -1120,7 +1120,7 @@
26 => '',
27 => 'Nachricht wurde verschickt.',
28 => 'Das Plugin wurde gespeichert.',
- 29 => '',
+ 29 => 'Sie haben keinen Zugriff auf diese Administrationsseite. Alle Versuche, auf Bereiche ohne entsprechende Berechtigung zuzugreifen, werden protokolliert.',
30 => 'Zugriff verweigert',
31 => 'Sie haben keinen Zugriff auf die Artikel-Administrationsseite. Alle Versuche, auf Bereiche ohne entsprechende Berechtigung zuzugreifen, werden protokolliert.',
32 => 'Sie haben keinen Zugriff auf die Kategorie-Administrationsseite. Alle Versuche, auf Bereiche ohne entsprechende Berechtigung zuzugreifen, werdenprotokolliert.',
diff -r daf8ec875097 -r 1af9f9a87ef2 language/german_formal_utf-8.php
--- a/language/german_formal_utf-8.php Sun Nov 23 18:02:28 2008 +0100
+++ b/language/german_formal_utf-8.php Sun Nov 23 18:24:58 2008 +0100
@@ -1120,7 +1120,7 @@
26 => '',
27 => 'Nachricht wurde verschickt.',
28 => 'Das Plugin wurde gespeichert.',
- 29 => '',
+ 29 => 'Sie haben keinen Zugriff auf diese Administrationsseite. Alle Versuche, auf Bereiche ohne entsprechende Berechtigung zuzugreifen, werden protokolliert.',
30 => 'Zugriff verweigert',
31 => 'Sie haben keinen Zugriff auf die Artikel-Administrationsseite. Alle Versuche, auf Bereiche ohne entsprechende Berechtigung zuzugreifen, werden protokolliert.',
32 => 'Sie haben keinen Zugriff auf die Kategorie-Administrationsseite. Alle Versuche, auf Bereiche ohne entsprechende Berechtigung zuzugreifen, werdenprotokolliert.',
diff -r daf8ec875097 -r 1af9f9a87ef2 language/german_utf-8.php
--- a/language/german_utf-8.php Sun Nov 23 18:02:28 2008 +0100
+++ b/language/german_utf-8.php Sun Nov 23 18:24:58 2008 +0100
@@ -1119,7 +1119,7 @@
26 => '',
27 => 'Nachricht wurde verschickt.',
28 => 'Das Plugin wurde gespeichert.',
- 29 => '',
+ 29 => 'Du hast keinen Zugriff auf diese Administrationsseite. Alle Versuche, auf Bereiche ohne entsprechende Berechtigung zuzugreifen, werden protokolliert.',
30 => 'Zugriff verweigert',
31 => 'Du hast keinen Zugriff auf die Artikel-Administrationsseite. Alle Versuche, auf Bereiche ohne entsprechende Berechtigung zuzugreifen, werden protokolliert.',
32 => 'Du hast keinen Zugriff auf die Kategorie-Administrationsseite. Alle Versuche, auf Bereiche ohne entsprechende Berechtigung zuzugreifen, werden protokolliert.',
diff -r daf8ec875097 -r 1af9f9a87ef2 public_html/admin/block.php
--- a/public_html/admin/block.php Sun Nov 23 18:02:28 2008 +0100
+++ b/public_html/admin/block.php Sun Nov 23 18:24:58 2008 +0100
@@ -37,21 +37,19 @@
require_once '../lib-common.php';
require_once 'auth.inc.php';
-require_once $_CONF['path_system'] . 'lib-security.php';
// Uncomment the line below if you need to debug the HTTP variables being passed
// to the script. This will sometimes cause errors but it will allow you to see
// the data being passed in a POST operation
// echo COM_debug($_POST);
-if (!SEC_hasRights ('block.edit')) {
- $display .= COM_siteHeader ('menu', $MESSAGE[30])
- . COM_startBlock ($MESSAGE[30], '',
- COM_getBlockTemplate ('_msg_block', 'header'))
- . $MESSAGE[33]
- . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'))
- . COM_siteFooter ();
- COM_accessLog ("User {$_USER['username']} tried to illegally access the block administration screen");
+$display = '';
+
+if (!SEC_hasRights('block.edit')) {
+ $display .= COM_siteHeader('menu', $MESSAGE[30])
+ . COM_showMessageText($MESSAGE[29], $MESSAGE[30])
+ . COM_siteFooter();
+ COM_accessLog("User {$_USER['username']} tried to illegally access the block administration screen");
echo $display;
exit;
}
@@ -513,13 +511,10 @@
$access = SEC_hasAccess ($owner_id, $group_id, $perm_owner, $perm_group,
$perm_members, $perm_anon);
}
- if (($access < 3) || !hasBlockTopicAccess ($tid) || !SEC_inGroup ($group_id)) {
- $retval .= COM_siteHeader('menu', $MESSAGE[30]);
- $retval .= COM_startBlock ($MESSAGE[30], '',
- COM_getBlockTemplate ('_msg_block', 'header'));
- $retval .= $MESSAGE[33];
- $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
- $retval .= COM_siteFooter();
+ if (($access < 3) || !hasBlockTopicAccess($tid) || !SEC_inGroup($group_id)) {
+ $retval .= COM_siteHeader('menu', $MESSAGE[30])
+ . COM_showMessageText($MESSAGE[29], $MESSAGE[30])
+ . COM_siteFooter();
COM_accessLog("User {$_USER['username']} tried to illegally create or edit block $bid.");
return $retval;
diff -r daf8ec875097 -r 1af9f9a87ef2 public_html/admin/database.php
--- a/public_html/admin/database.php Sun Nov 23 18:02:28 2008 +0100
+++ b/public_html/admin/database.php Sun Nov 23 18:24:58 2008 +0100
@@ -36,13 +36,23 @@
require_once '../lib-common.php';
require_once 'auth.inc.php';
-require_once $_CONF['path_system'] . 'lib-security.php';
+
+$display = '';
+
+// If user isn't a Root user or if the backup feature is disabled, bail.
+if (!SEC_inGroup('Root') OR ($_CONF['allow_mysqldump'] == 0)) {
+ $display .= COM_siteHeader('menu', $LANG_DB_BACKUP['last_ten_backups'])
+ . COM_showMessageText($MESSAGE[29], $MESSAGE[30])
+ . COM_siteFooter();
+ COM_accessLog("User {$_USER['username']} tried to illegally access the database backup screen.");
+ echo $display;
+ exit;
+}
/**
-* This page allows all Root admins to create a database backup. This will not
-* allow the removal of past backups. It's pretty simple actually. The admin
-* clicks a button, we do a mysqldump to a file in the following format:
-* geeklog_db_backup_YYYY_MM_DD.sql That's it.
+* This page allows all Root admins to create a database backup. It's pretty
+* simple actually. The admin clicks a button, we do a mysqldump to a file in
+* the following format: geeklog_db_backup_YYYY_MM_DD_hh_mm_ss.sql That's it.
*/
/**
@@ -253,19 +263,6 @@
// MAIN
$display = '';
-// If user isn't a root user or if the backup feature is disabled, bail.
-if (!SEC_inGroup('Root') OR $_CONF['allow_mysqldump'] == 0) {
- $display .= COM_siteHeader('menu', $LANG_DB_BACKUP['last_ten_backups']);
- $display .= COM_startBlock($MESSAGE[30], '',
- COM_getBlockTemplate('_msg_block', 'header'));
- $display .= $MESSAGE[46];
- $display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
- $display .= COM_siteFooter();
- COM_accessLog("User {$_USER['username']} tried to illegally access the database backup screen.");
- echo $display;
- exit;
-}
-
$mode = '';
if (isset($_GET['mode'])) {
if ($_GET['mode'] == 'backup') {
diff -r daf8ec875097 -r 1af9f9a87ef2 public_html/admin/group.php
--- a/public_html/admin/group.php Sun Nov 23 18:02:28 2008 +0100
+++ b/public_html/admin/group.php Sun Nov 23 18:24:58 2008 +0100
@@ -37,7 +37,7 @@
/**
* This file is the Geeklog Group administration page
*
-* @author Tony Bibbs <tony at tonybibbs.com>
+* @author Tony Bibbs <tony AT tonybibbs DOT com>
*
*/
@@ -59,14 +59,11 @@
$display = '';
// Make sure user has rights to access this page
-if (!SEC_hasRights ('group.edit')) {
- $display .= COM_siteHeader ('menu', $MESSAGE[30]);
- $display .= COM_startBlock ($MESSAGE[30], '',
- COM_getBlockTemplate ('_msg_block', 'header'));
- $display .= $MESSAGE[37];
- $display .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
- $display .= COM_siteFooter ();
- COM_accessLog ("User {$_USER['username']} tried to illegally access the group administration screen.");
+if (!SEC_hasRights('group.edit')) {
+ $display .= COM_siteHeader('menu', $MESSAGE[30])
+ . COM_showMessageText($MESSAGE[29], $MESSAGE[30])
+ . COM_siteFooter();
+ COM_accessLog("User {$_USER['username']} tried to illegally access the group administration screen.");
echo $display;
exit;
}
diff -r daf8ec875097 -r 1af9f9a87ef2 public_html/admin/mail.php
--- a/public_html/admin/mail.php Sun Nov 23 18:02:28 2008 +0100
+++ b/public_html/admin/mail.php Sun Nov 23 18:24:58 2008 +0100
@@ -38,15 +38,12 @@
$display = '';
// Make sure user has access to this page
-if (!SEC_inGroup ('Mail Admin') && !SEC_hasrights ('user.mail')) {
- $retval .= COM_siteHeader ('menu', $MESSAGE[30]);
- $retval .= COM_startBlock ($MESSAGE[30], '',
- COM_getBlockTemplate ('_msg_block', 'header'));
- $retval .= $MESSAGE[39];
- $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
- $retval .= COM_siteFooter ();
- COM_accessLog ("User {$_USER['username']} tried to illegally access the mail administration screen.");
- echo $retval;
+if (!SEC_inGroup('Mail Admin') && !SEC_hasrights('user.mail')) {
+ $display .= COM_siteHeader('menu', $MESSAGE[30])
+ . COM_showMessageText($MESSAGE[29], $MESSAGE[30])
+ . COM_siteFooter();
+ COM_accessLog("User {$_USER['username']} tried to illegally access the mail administration screen.");
+ echo $display;
exit;
}
More information about the geeklog-cvs
mailing list