Resolved Issue ID 0000356:

o Increase security on adviser mode

First modifications of n modifications.
All the other modifications will be done on the BSF branch.


Merge branch-1_6 1558:1559 into BSF

git-svn-id: http://piwigo.org/svn/branches/branch-1_6@1569 68402e56-0260-453c-a942-63ccdbb3a9ee
rub
2006-10-21 12:07:00 +00:00
parent 60866f64c8
commit bc7b433457
8 changed files with 41 additions and 29 deletions
+3 -3
@@ -46,7 +46,7 @@ if (isset($_POST))
$to_validate = array();
$to_reject = array();
if (isset($_POST['submit']))
if (isset($_POST['submit']) and !is_adviser())
{
foreach (explode(',', $_POST['list']) as $comment_id)
{
@@ -68,11 +68,11 @@ if (isset($_POST))
}
}
}
else if (isset($_POST['validate-all']) and !empty($_POST['list']))
else if (isset($_POST['validate-all']) and !empty($_POST['list']) and !is_adviser())
{
$to_validate = explode(',', $_POST['list']);
}
else if (isset($_POST['reject-all']) and !empty($_POST['list']))
else if (isset($_POST['reject-all']) and !empty($_POST['list']) and !is_adviser())
{
$to_reject = explode(',', $_POST['list']);
}
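Review bot: The adviser guard is appended separately to each of the three write branches (`submit` at L24, `validate-all` at L33, `reject-all` at L38), so any branch added later without `and !is_adviser()` silently reopens the write path; all three sit under the enclosing `if (isset($_POST))` shown in the hunk header, so one check there would fail closed: `if (isset($_POST) and !is_adviser())`. As written the request is simply dropped and the adviser gets no indication that nothing was validated or rejected, which is worth a visible notice. The comment ids obtained by `explode(',', $_POST['list'])` on L26 are still passed on unvalidated; casting each to `(int)` before use would complete the hardening, though their consumer is outside this hunk. The enclosing `if (isset($_POST))` block begins before the hunk.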
+2 -2
@@ -53,7 +53,7 @@ while ($row = mysql_fetch_array($result))
$conf[$row['param']] = $row['value'];
// if the parameter is present in $_POST array (if a form is submited), we
// override it with the submited value
if (isset($_POST[$row['param']]))
if (isset($_POST[$row['param']]) and !is_adviser())
{
$conf[$row['param']] = $_POST[$row['param']];
if ( 'page_banner'==$row['param'] )
@@ -63,7 +63,7 @@ while ($row = mysql_fetch_array($result))
}
}
//------------------------------ verification and registration of modifications
if (isset($_POST['submit']))
if (isset($_POST['submit']) and !is_adviser())
{
$int_pattern = '/^\d+$/';
switch ($page['section'])
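Review bot: `!is_adviser()` is re-evaluated for every row of the `while ($row = mysql_fetch_array($result))` loop on L49 and again at the submit check on L58; computing it once before the loop, `$is_adviser = is_adviser();`, and testing `!$is_adviser` in both places makes the read-only rule visible at a single point and avoids repeating the call per row (whether that call is cheap is not visible here). An adviser's posted values are silently ignored while the form still renders as though they were accepted, so a notice explaining the read-only mode would avoid confusion. Both the `while` loop and the `switch ($page['section'])` extend beyond the hunk.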
+15 -12
@@ -419,7 +419,7 @@ switch ($page['mode'])
$result = pwg_query('select param, value from '.CONFIG_TABLE.' where param like \'nbm\\_%\'');
while ($nbm_user = mysql_fetch_array($result))
{
if (isset($_POST['param_submit']))
if (isset($_POST['param_submit']) and !is_adviser())
{
if (isset($_POST[$nbm_user['param']]))
{
@@ -441,7 +441,7 @@ where
// if the parameter is present in $_POST array (if a form is submited), we
// override it with the submited value
if (isset($_POST[$nbm_user['param']]))
if (isset($_POST[$nbm_user['param']]) and !is_adviser())
{
$conf[$nbm_user['param']] = stripslashes($_POST[$nbm_user['param']]);
}
@@ -461,23 +461,26 @@ where
}
case 'subscribe' :
{
if (isset($_POST['falsify']) and isset($_POST['cat_true']))
if (!is_adviser())
{
$check_key_treated = unsubcribe_notification_by_mail(true, $_POST['cat_true']);
do_timeout_treatment('cat_true', $check_key_treated);
}
else
if (isset($_POST['trueify']) and isset($_POST['cat_false']))
{
$check_key_treated = subcribe_notification_by_mail(true, $_POST['cat_false']);
do_timeout_treatment('cat_false', $check_key_treated);
if (isset($_POST['falsify']) and isset($_POST['cat_true']))
{
$check_key_treated = unsubcribe_notification_by_mail(true, $_POST['cat_true']);
do_timeout_treatment('cat_true', $check_key_treated);
}
else
if (isset($_POST['trueify']) and isset($_POST['cat_false']))
{
$check_key_treated = subcribe_notification_by_mail(true, $_POST['cat_false']);
do_timeout_treatment('cat_false', $check_key_treated);
}
}
break;
}
case 'send' :
{
if (isset($_POST['send_submit']) and isset($_POST['send_selection']) and isset($_POST['send_customize_mail_content']))
if (isset($_POST['send_submit']) and isset($_POST['send_selection']) and isset($_POST['send_customize_mail_content']) and !is_adviser())
{
$check_key_treated = do_action_send_mail_notification('send', $_POST['send_selection'], stripslashes($_POST['send_customize_mail_content']));
do_timeout_treatment('send_selection', $check_key_treated);
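Review bot: Two different guard shapes are mixed in the same file: the `subscribe` case wraps its whole body in `if (!is_adviser())` (L86), while `param_submit` (L69), the parameter override (L77) and `send` (L113) append `and !is_adviser()` to an existing condition, and the first two run the check once per row of the `while ($nbm_user = mysql_fetch_array($result))` loop. Prefer the wrapping form consistently, or a single `$is_adviser = is_adviser();` computed once at the top of the `switch`, so the read-only rule is enforced in one place rather than re-added to every branch. In the `subscribe` and `send` cases an adviser's `falsify`/`trueify`/`send_submit` request is now discarded with no feedback, which is worth a visible notice. The `switch ($page['mode'])` starts and ends outside the hunk.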
+13 -5
@@ -70,7 +70,7 @@ if (isset($_POST['date_creation_action'])
}
}
if (isset($_POST['submit']) and count($page['errors']) == 0)
if (isset($_POST['submit']) and count($page['errors']) == 0 and !is_adviser())
{
$data = array();
$data{'id'} = $_GET['image_id'];
@@ -119,7 +119,9 @@ if (isset($_POST['submit']) and count($page['errors']) == 0)
// associate the element to other categories than its storage category
if (isset($_POST['associate'])
and isset($_POST['cat_dissociated'])
and count($_POST['cat_dissociated']) > 0)
and count($_POST['cat_dissociated']) > 0
and !is_adviser()
)
{
associate_images_to_categories(
array($_GET['image_id']),
@@ -129,7 +131,9 @@ if (isset($_POST['associate'])
// dissociate the element from categories (but not from its storage category)
if (isset($_POST['dissociate'])
and isset($_POST['cat_associated'])
and count($_POST['cat_associated']) > 0)
and count($_POST['cat_associated']) > 0
and !is_adviser()
)
{
$query = '
DELETE FROM '.IMAGE_CATEGORY_TABLE.'
@@ -143,7 +147,9 @@ DELETE FROM '.IMAGE_CATEGORY_TABLE.'
// elect the element to represent the given categories
if (isset($_POST['elect'])
and isset($_POST['cat_dismissed'])
and count($_POST['cat_dismissed']) > 0)
and count($_POST['cat_dismissed']) > 0
and !is_adviser()
)
{
$datas = array();
foreach ($_POST['cat_dismissed'] as $category_id)
@@ -159,7 +165,9 @@ if (isset($_POST['elect'])
// dismiss the element as representant of the given categories
if (isset($_POST['dismiss'])
and isset($_POST['cat_elected'])
and count($_POST['cat_elected']) > 0)
and count($_POST['cat_elected']) > 0
and !is_adviser()
)
{
set_random_representant($_POST['cat_elected']);
}
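Review bot: Each of the five write paths (`submit` L123, `associate` L133, `dissociate` L144, `elect` L155, `dismiss` L166) now carries its own `and !is_adviser()`, and a dropped submission gives the adviser no indication that nothing was saved. Since `$page['errors']` is already consulted on L122, a single early check before the `submit` test could both record the reason and guard every branch, e.g. `if (is_adviser()) { $page['errors'][] = 'adviser mode: changes are not saved'; }` (message text is a constructed example), with the other four branches then testing `count($page['errors']) == 0` as the `submit` branch already does. Independently of the adviser guard, `$_GET['image_id']` is used directly on L126 and L137 without an integer cast; `(int) $_GET['image_id']` would close that gap. The `associate`/`dissociate` bodies continue outside their hunks.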
+3 -3
@@ -37,7 +37,7 @@ check_status(ACCESS_ADMINISTRATOR);
// | edit tags |
// +-----------------------------------------------------------------------+
if (isset($_POST['submit']))
if (isset($_POST['submit']) and !is_adviser())
{
$query = '
SELECT name
@@ -110,7 +110,7 @@ SELECT id, name
// | delete tags |
// +-----------------------------------------------------------------------+
if (isset($_POST['delete']) and isset($_POST['tags']))
if (isset($_POST['delete']) and isset($_POST['tags']) and !is_adviser())
{
$query = '
SELECT name
@@ -147,7 +147,7 @@ DELETE
// | add a tag |
// +-----------------------------------------------------------------------+
if (isset($_POST['add']) and !empty($_POST['add_tag']))
if (isset($_POST['add']) and !empty($_POST['add_tag']) and !is_adviser())
{
$tag_name = $_POST['add_tag'];
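Review bot: `check_status(ACCESS_ADMINISTRATOR);` is visible in the hunk header on L173, so the natural home for the adviser rule is right after it rather than three separate `and !is_adviser()` suffixes on `submit` (L177), `delete` (L185) and `add` (L193); a single `$is_adviser = is_adviser();` computed there, or an early notice for advisers, keeps the rule from being forgotten on the next handler added to this file. Note that the matching template change (section at L218–L227) removes `{TAG_INPUT_ENABLED}` from the edit button, so advisers can still open the edit form and the `submit` guard on L177 is the only thing preventing the write — acceptable as long as the server-side check stays the authority. The `add` branch body continues outside the hunk.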
+2 -1
@@ -49,7 +49,8 @@ $template->assign_vars(
'LANG'=>$lang_info['code'],
'DIR'=>$lang_info['direction'],
'TAG_INPUT_ENABLED' => ((is_adviser()) ? 'disabled onclick="return false;"' : '')
// 'TAG_INPUT_ENABLED' => ((is_adviser()) ? 'disabled onclick="return false;"' : '')
'TAG_INPUT_ENABLED' => ((is_adviser()) ? '' : '')
));
// refresh
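Review bot: The new expression `((is_adviser()) ? '' : '')` on L203 yields the empty string in both branches, so `TAG_INPUT_ENABLED` is now always empty and the `{TAG_INPUT_ENABLED}` placeholders still present in the templates at L206–L217 (which this commit even adds to `validate-all`/`reject-all`) and L218–L227 no longer disable anything for advisers. If disabling the buttons was dropped on purpose now that the server-side `!is_adviser()` checks exist, replace the no-op ternary with `'TAG_INPUT_ENABLED' => ''` plus a comment saying why, and delete the commented-out line on L202 instead of keeping dead code; if it was not intended, restore `'disabled onclick="return false;"` in the true branch. Either way the attribute is only a UI hint and the server-side checks remain the actual control. The `$template->assign_vars(` call begins outside the hunk.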
+2 -2
@@ -16,8 +16,8 @@
<p class="bottomButtons">
<input type="hidden" name="list" value="{LIST}" />
<input type="submit" name="submit" value="{lang:Submit}" {TAG_INPUT_ENABLED}/>
<input type="submit" name="validate-all" value="{lang:Validate All}" />
<input type="submit" name="reject-all" value="{lang:Reject All}" />
<input type="submit" name="validate-all" value="{lang:Validate All}" {TAG_INPUT_ENABLED}/>
<input type="submit" name="reject-all" value="{lang:Reject All}" {TAG_INPUT_ENABLED}/>
<input type="reset" value="{lang:Reset}" />
</p>
+1 -1
@@ -45,7 +45,7 @@
{TAG_SELECTION}
<p>
<input type="submit" name="edit" value="{lang:Edit selected tags}" {TAG_INPUT_ENABLED}/>
<input type="submit" name="edit" value="{lang:Edit selected tags}"/>
<input type="submit" name="delete" value="{lang:Delete selected tags}" onclick="return confirm('{lang:Are you sure?}');" {TAG_INPUT_ENABLED}/>
</p>
</fieldset>