[geeklog-hg] geeklog: Fixed an issue that rendering of the article was incorr...

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Sun Sep 1 07:24:14 EDT 2013


changeset 9273:74e034c9eb5b
url:  http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/74e034c9eb5b
user: dengen <taharaxp at gmail.com>
date: Sun Sep 01 19:20:06 2013 +0900
description:
Fixed an issue where the article was rendered incorrectly because the article's permissions were checked incorrectly.

diffstat:

 system/classes/gltext.class.php |  109 ++++++++++++++++++++++++++++++++-------
 system/classes/story.class.php  |   22 ++++---
 2 files changed, 101 insertions(+), 30 deletions(-)

diffs (216 lines):

diff -r 5f687e9d4c7c -r 74e034c9eb5b system/classes/gltext.class.php
--- a/system/classes/gltext.class.php	Sat Aug 31 21:10:17 2013 -0400
+++ b/system/classes/gltext.class.php	Sun Sep 01 19:20:06 2013 +0900
@@ -91,14 +91,15 @@
      * Returns text ready for display.
      *
      * @param   string  $text         Text to prepare for display
-     * @param   string  $postmode     Indicates if text is html, wikitext or plaintext
+     * @param   string  $postmode     Indicates if text is html, adveditor, wikitext or plaintext
      * @param   string  $permissions  comma-separated list of rights which identify the current user as an "Admin"
+     * @param   int     $uid          User ID
      * @param   int     $version      version of GLText engine
      * @return  string  Escaped String
      * @access  public
      *
      */
-    public static function getDisplayText($text, $postmode, $permissions, $version)
+    public static function getDisplayText($text, $postmode, $permissions, $uid, $version)
     {
         if ($version == GLTEXT_FIRST_VERSION) {
 
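Review bot: Inserting `$uid` before `$version` in `getDisplayText` changes the meaning of the fourth positional argument, so a caller that still passes four arguments would supply its version value as `$uid` and leave `$version` missing. Only the call in story.class.php is updated in this changeset; any other callers (plugins, for example) are not visible in this diff. Appending the parameter with a default, `getDisplayText($text, $postmode, $permissions, $version, $uid = '')`, would keep existing call sites working. The method body continues outside the hunk.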
@@ -117,8 +118,8 @@
 
             // latest version
 
-            if ($postmode == 'html') {
-                $text = self::checkHTML($text, $permissions);
+            if ($postmode == 'html' || $postmode == 'adveditor') {
+                $text = self::checkHTML($text, $permissions, $uid, $postmode, $version);
             }
 
             if ($postmode == 'plaintext') {
@@ -130,7 +131,7 @@
             if ($postmode == 'wikitext') {
                 $text = self::_editUnescape($text, $postmode);
                 $text = self::renderWikiText($text);
-//              $text = self::_htmLawed($text, 'story.edit');
+//              $text = self::_htmLawed($text, 'story.edit', $uid, $postmode, $version);
             }
 
             $text = COM_checkWords($text);
@@ -149,14 +150,25 @@
      *
      * @param   string  $str          HTML to check
      * @param   string  $permissions  comma-separated list of rights which identify the current user as an "Admin"
+     * @param   int     $uid          User ID
+     * @param   string  $postmode     Indicates if text is html, adveditor, wikitext or plaintext
+     * @param   int     $version      version of GLText engine
      * @return  string  Filtered HTML
      * @access  public
      *
      */
-    public static function checkHTML($str, $permissions = 'story.edit')
+    public static function checkHTML($str, $permissions = 'story.edit', $uid = '', $postmode = 'html', $version = GLTEXT_FIRST_VERSION)
     {
         global $_CONF, $_USER;
 
+        if (empty($uid)) {
+            if (empty($_USER['uid'])) {
+                $uid = 1;
+            } else {
+                $uid = $_USER['uid'];
+            }
+        }
+
 //        $str = COM_stripslashes($str); // it should not be here
 
         // Get rid of any newline characters
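Review bot: The `empty($uid)` fallback in `checkHTML` substitutes the current viewer's `$_USER['uid']`, so when a caller passes no author id the filter decision further down again depends on who is viewing the page, which is the behaviour this commit sets out to remove. For the versioned path it would be safer to fall back only to the `$uid = 1;` the code already uses when no user is logged in, and keep the `$_USER` lookup for `GLTEXT_FIRST_VERSION`. The docblock declares `$uid` as `int` while the default is `''`; `$uid = 0` would match it. The method body continues outside the hunk.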
@@ -173,10 +185,16 @@
         // // Replace any $ with $ (HTML equiv)
         // $str = str_replace( '$', '$', $str);
 
-        if (!SEC_hasRights('htmlfilter.skip') &&
-            (($_CONF['skip_html_filter_for_root'] != 1) || !SEC_inGroup('Root'))) {
-
-            $str = self::_htmLawed($str, $permissions);
+        if ($version == GLTEXT_FIRST_VERSION) {
+            if (!SEC_hasRights('htmlfilter.skip') &&
+                (($_CONF['skip_html_filter_for_root'] != 1) || !SEC_inGroup('Root'))) {
+                $str = self::_htmLawed($str, $permissions, $uid, $postmode, $version);
+            }
+        } else {
+            if (!self::_hasRights('htmlfilter.skip', $uid) &&
+                (($_CONF['skip_html_filter_for_root'] != 1) || !SEC_inGroup('Root', $uid))) {
+                $str = self::_htmLawed($str, $permissions, $uid, $postmode, $version);
+            }
         }
 
         // Replace [raw][/raw] with <!--raw--><!--/raw-->, note done "late" because
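Review bot: In the `else` branch the decision to skip `_htmLawed` is keyed to the rights of `$uid` rather than to whoever last wrote the text, so stored markup is rendered unfiltered whenever the recorded owner has `htmlfilter.skip` or is in `Root`. If a story can be edited by an account other than its owner (not visible in this diff), text from a less privileged editor would bypass the filter at display time unless it was already filtered on save; that should be confirmed, or the check should use the uid of the last editor. The two branches differ only in the rights lookup, so computing a single `$skipFilter` boolean and calling `_htmLawed` once would remove the duplication. `checkHTML` continues outside the hunk.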
@@ -216,7 +234,7 @@
 
     // Private Methods:
 
-    private function _htmLawed($str, $permissions)
+    private function _htmLawed($str, $permissions, $uid = '', $postmode = 'html', $version = GLTEXT_FIRST_VERSION)
     {
         global $_CONF, $_USER;
 
@@ -245,17 +263,33 @@
         $schemes = str_replace(':', '', implode(', ', $schemes));
         $config['schemes'] = 'href: ' . $schemes . '; *: ' . $schemes;
 
-        if( empty($permissions) || !SEC_hasRights($permissions) ||
-                empty($_CONF['admin_html'])) {
-            $html = $_CONF['user_html'];
+        if ($version == GLTEXT_FIRST_VERSION) {
+            if (empty($permissions) || !SEC_hasRights($permissions) ||
+                    empty($_CONF['admin_html'])) {
+                $html = $_CONF['user_html'];
+            } else {
+                if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
+                    $html = array_merge_recursive($_CONF['user_html'],
+                                                  $_CONF['admin_html'],
+                                                  $_CONF['advanced_html']);
+                } else {
+                    $html = array_merge_recursive($_CONF['user_html'],
+                                                  $_CONF['admin_html']);
+                }
+            }
         } else {
-            if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
-                $html = array_merge_recursive($_CONF['user_html'],
-                                              $_CONF['admin_html'],
-                                              $_CONF['advanced_html']);
+            if (empty($permissions) || !self::_hasRights($permissions, $uid) ||
+                    empty($_CONF['admin_html'])) {
+                $html = $_CONF['user_html'];
             } else {
-                $html = array_merge_recursive($_CONF['user_html'],
-                                              $_CONF['admin_html']);
+                if ($postmode == 'adveditor') {
+                    $html = array_merge_recursive($_CONF['user_html'],
+                                                  $_CONF['admin_html'],
+                                                  $_CONF['advanced_html']);
+                } else {
+                    $html = array_merge_recursive($_CONF['user_html'],
+                                                  $_CONF['admin_html']);
+                }
             }
         }
 
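Review bot: The new branch merges `$_CONF['advanced_html']` whenever `$postmode == 'adveditor'` and no longer consults `$_CONF['advanced_editor']`, which the `GLTEXT_FIRST_VERSION` branch still checks. If that is intended so stored articles keep rendering the same way after the editor is switched off site-wide, a comment saying so would help; otherwise add the config test, `if ($postmode == 'adveditor' && !empty($_CONF['advanced_editor'])) {`. `_htmLawed` starts and ends outside this hunk.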
@@ -277,6 +311,41 @@
     }
 
     /**
+     * Checks if user has rights to a feature
+     *
+     * Takes either a single feature or an array of features and returns
+     * an array of whether the user has those rights
+     *
+     * @param   string|array  $features  Features to check
+     * @param   int           $uid       User ID
+     * @return  boolean       Return true if user has access to feature(s), otherwise false.
+     *
+     */
+    private function _hasRights($features, $uid)
+    {
+        static $rights = array();
+
+        if (empty($rights[$uid])) {
+            $rights[$uid] = explode(',', SEC_getUserPermissions('', $uid));
+        }
+
+        if (is_string($features) && strpos($features, ',') !== false) {
+            $features = explode(',', $features);
+        }
+
+        if (is_array($features)) {
+            foreach ($features as $f) {
+                if (!in_array($f, $rights[$uid])) {
+                    return false;
+                }
+            }
+            return true;
+        }
+
+        return in_array($features, $rights[$uid]);
+    }
+
+    /**
      * Escapes certain HTML for nicely encoded HTML.
      *
      * @param   string  $text  Text to escpae
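Review bot: `_hasRights` is declared as an instance method but is called as `self::_hasRights(...)` from the static `checkHTML` and from `_htmLawed`. It uses no `$this`, so it should be `private static function _hasRights($features, $uid)` to avoid the non-static-call notice, which is a fatal error on PHP 8. The docblock summary says it returns an array, while `@return` and the code give a boolean. Both `in_array` calls compare loosely; `in_array($f, $rights[$uid], true)` would keep a permission check from matching through type juggling.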
diff -r 5f687e9d4c7c -r 74e034c9eb5b system/classes/story.class.php
--- a/system/classes/story.class.php	Sat Aug 31 21:10:17 2013 -0400
+++ b/system/classes/story.class.php	Sun Sep 01 19:20:06 2013 +0900
@@ -1706,17 +1706,19 @@
         switch (strtolower($item))
         {
         case 'introtext':
-            $return = GLText::getDisplayText($this->_introtext,
-                          $this->_postmode,
+        case 'bodytext':
+            $postmode = $this->_postmode;
+            if ($this->_text_version != GLTEXT_FIRST_VERSION &&
+                    $this->_advanced_editor_mode == 1) {
+                $postmode = 'adveditor';
+            }
+            $return = GLText::getDisplayText(
+                          ((strtolower($item) == 'introtext') ?
+                              $this->_introtext :
+                              $this->_bodytext),
+                          $postmode,
                           'story.edit',
-                          $this->_text_version);
-            break;
-
-        case 'bodytext':
-            if (empty($this->_bodytext)) break;
-            $return = GLText::getDisplayText($this->_bodytext,
-                          $this->_postmode,
-                          'story.edit',
+                          $this->_uid,
                           $this->_text_version);
 
             break;
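Review bot: Folding `bodytext` into the `introtext` case drops the old `if (empty($this->_bodytext)) break;` guard, so an empty body is now passed through `GLText::getDisplayText` and `$return` holds whatever that produces rather than keeping its earlier value. If templates or callers test the result for emptiness (not visible here), keep the guard as the first statement of the merged case, e.g. `if (strtolower($item) == 'bodytext' && empty($this->_bodytext)) break;`. The `switch` and its enclosing method start and end outside the hunk.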


