Commit c6ae4336 authored by pkdille's avatar pkdille

[MOD] access check: deploy some accesslib check functions to some files.

parent ced1ebba
......@@ -7,17 +7,9 @@
require_once ('tiki-setup.php');
include_once ('lib/themecontrol/tcontrol.php');
include_once ('lib/categories/categlib.php');
if ($prefs['feature_theme_control'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_theme_control");
$smarty->display("error.tpl");
die;
}
if ($tiki_p_admin != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You do not have permission to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_theme_control', '', 'look');
$access->check_permission('tiki_p_admin');
$auto_query_args = array('find', 'sort_mode', 'offset', 'theme', 'theme-option', 'section');
$smarty->assign('a_section', isset($_REQUEST['section']) ? $_REQUEST['section'] : '');
......@@ -28,7 +20,7 @@ if (isset($_REQUEST['assign'])) {
check_ticket('tc-sections');
$tcontrollib->tc_assign_section($_REQUEST['section'], $_REQUEST['theme'], isset($_REQUEST['theme-option']) ? $_REQUEST['theme-option'] : '');
}
if (isset($_REQUEST["delete"])) {
if (isset($_REQUEST['delete'])) {
check_ticket('tc-sections');
foreach(array_keys($_REQUEST["sec"]) as $sec) {
$tcontrollib->tc_remove_section($sec);
......@@ -38,6 +30,5 @@ $channels = $tcontrollib->tc_list_sections(0, -1, 'section_asc', '');
$smarty->assign_by_ref('channels', $channels["data"]);
$smarty->assign('sections', $sections_enabled);
ask_ticket('tc-sections');
// Display the template
$smarty->assign('mid', 'tiki-theme_control_sections.tpl');
$smarty->display("tiki.tpl");
$smarty->display('tiki.tpl');
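Review bot: The delete branch hands `$_REQUEST["sec"]` straight to `array_keys()` without checking that it is present and is an array, so a request carrying `delete` but no `sec[]` reaches the loop with a non-array value. A guard such as `if (isset($_REQUEST['sec']) && is_array($_REQUEST['sec'])) {` around the `foreach` keeps malformed requests away from `tc_remove_section()`. The assign branch has the same gap: `$_REQUEST['section']` and `$_REQUEST['theme']` are passed to `tc_assign_section()` without `isset()`. The body of the delete loop continues outside the visible hunk.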
......@@ -3,17 +3,14 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-upload_file.php,v 1.65.2.4 2008-03-11 15:17:54 nyloth Exp $
$section = 'file_galleries';
require_once ('tiki-setup.php');
if ($prefs['feature_categories'] == 'y') {
include_once ('lib/categories/categlib.php');
}
if ($prefs['feature_file_galleries'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_file_galleries");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_file_galleries');
include_once ('lib/filegals/filegallib.php');
if ($prefs['feature_groupalert'] == 'y') {
include_once ('lib/groupalert/groupalertlib.php');
......@@ -68,14 +65,9 @@ if (empty($_REQUEST['fileId']) && $tiki_p_upload_files != 'y' && $tiki_p_admin_f
if (isset($_REQUEST['galleryId'][1])) {
foreach($_REQUEST['galleryId'] as $i => $gal) {
if (!$i) continue;
// TODO get the ggod gal_info
// TODO get the good gal_info
$perms = $tikilib->get_perm_object($_REQUEST['galleryId'][$i], 'file gallery', $gal_info, false);
if ($perms['tiki_p_upload_files'] != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied"));
$smarty->display('error.tpl');
die;
}
$access->check_permission('tiki_p_upload_files');
}
}
if (!empty($_REQUEST['fileId'])) {
......
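Review bot: In the multi-gallery loop the per-gallery result `$perms` from `get_perm_object()` is now computed and never read, because the `if ($perms['tiki_p_upload_files'] != 'y')` test was replaced by `$access->check_permission('tiki_p_upload_files')`. accesslib is not part of this diff, but if `check_permission()` evaluates the global permission variable, every additional entry in `galleryId[]` is authorised against the same global value instead of that gallery's own permissions. `get_perm_object()` is called here with `false` as its last argument, which presumably means the globals are not refreshed per gallery. Object-level restrictions on the extra galleries would then no longer be enforced. Keeping the decision on `$perms`, i.e. `if ($perms['tiki_p_upload_files'] != 'y') {` followed by the access library's error path, preserves the previous semantics. The enclosing `if` opens in the hunk header and is only partly visible.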
......@@ -3,23 +3,20 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-upload_image.php,v 1.46.2.1 2008-03-15 21:11:15 sylvieg Exp $
$section = 'galleries';
require_once ('tiki-setup.php');
include_once ('lib/categories/categlib.php');
include_once ('lib/imagegals/imagegallib.php');
if ($prefs['feature_galleries'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_galleries");
$smarty->display("error.tpl");
die;
}
// Now check permissions to access this page
$access->check_feature('feature_galleries');
if ($tiki_p_upload_images != 'y' and !$tikilib->user_has_perm_on_object($user, $_REQUEST["galleryId"], "image gallery", "tiki_p_upload_images")) {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot upload images"));
$smarty->display("error.tpl");
die;
}
$foo = parse_url($_SERVER["REQUEST_URI"]);
$foo1 = str_replace("tiki-upload_image", "tiki-browse_image", $foo["path"]);
$foo2 = str_replace("tiki-upload_image", "show_image", $foo["path"]);
......@@ -37,12 +34,8 @@ if (isset($_REQUEST["upload"])) {
$tiki_p_upload_images = 'y';
$tiki_p_create_galleries = 'y';
}
if ($tiki_p_upload_images != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied you cannot upload images"));
$smarty->display("error.tpl");
die;
}
$access->check_permission('tiki_p_upload_images');
$gal_info = $imagegallib->get_gallery($_REQUEST["galleryId"]);
if ($gal_info["thumbSizeX"] == 0) $gal_info["thumbSizeX"] = 80;
if ($gal_info["thumbSizeY"] == 0) $gal_info["thumbSizeY"] = 80;
......@@ -106,7 +99,6 @@ if (isset($_REQUEST["upload"])) {
$size = $_FILES['userfile1']['size'];
$filename = $_FILES['userfile1']['name'];
// Check for a zip file.....
// Fixed by Flo
if (substr($filename, strlen($filename) - 3) == 'zip') {
if ($tiki_p_batch_upload_images == 'y') {
if ($imagegallib->process_batch_image_upload($_REQUEST["galleryId"], $_FILES['userfile1']['tmp_name'], $user) == 0) {
......@@ -323,6 +315,5 @@ include_once ('tiki-section_options.php');
ask_ticket('upload-image');
// disallow robots to index page:
$smarty->assign('metatag_robots', 'NOINDEX, NOFOLLOW');
// Display the template
$smarty->assign('mid', 'tiki-upload_image.tpl');
$smarty->display("tiki.tpl");
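Review bot: The batch-upload branch is selected with `substr($filename, strlen($filename) - 3) == 'zip'`, where `$filename` is the client-supplied `$_FILES['userfile1']['name']`. That test is case-sensitive and matches any name that merely ends in those three letters, so the routing depends on how the client names the file, and the `tiki_p_batch_upload_images` check applies only on the zip path. `strtolower(pathinfo($filename, PATHINFO_EXTENSION)) === 'zip'` is a more robust selector, and the archive-or-image decision is safer when it is confirmed against the uploaded content rather than the name alone. The enclosing `if (isset($_REQUEST["upload"]))` block starts and ends outside the hunk.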
......@@ -3,24 +3,13 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-usage_chart.php,v 1.11 2007-10-12 07:55:32 nyloth Exp $
require_once ('tiki-setup.php');
if ($prefs['feature_stats'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_stats");
$smarty->display("error.tpl");
die;
}
if ( $tiki_p_view_stats != 'y' ) {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You do not have permission to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_stats', '', 'general');
$access->check_permission('tiki_p_view_stats');
require_once ('lib/graph-engine/gd.php');
require_once ('lib/graph-engine/graph.bar.php');
include_once ('lib/stats/statslib.php');
//Define the object
......
......@@ -3,28 +3,16 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-user_assigned_modules.php,v 1.20 2007-10-12 07:55:32 nyloth Exp $
$section = 'mytiki';
require_once ('tiki-setup.php');
if ($prefs['feature_ajax'] == "y") {
require_once ('lib/ajax/ajaxlib.php');
}
$access->check_feature( 'feature_modulecontrols' );
$access->check_feature( 'user_assigned_modules' );
include_once ('lib/usermodules/usermoduleslib.php');
if (!$user) {
$smarty->assign('msg', tra("You must log in to use this feature"));
$smarty->display("error.tpl");
die;
}
if ($tiki_p_configure_modules != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You do not have permission to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_feature( array('feature_modulecontrols', 'user_assigned_modules') );
$access->check_user($user);
$access->check_permission('tiki_p_configure_modules');
if (isset($_REQUEST["recreate"])) {
check_ticket('user-modules');
......@@ -73,10 +61,8 @@ if (count($assignables) > 0) {
$modules = $usermoduleslib->get_user_assigned_modules($user);
$smarty->assign('modules_l', $usermoduleslib->get_user_assigned_modules_pos($user, 'l'));
$smarty->assign('modules_r', $usermoduleslib->get_user_assigned_modules_pos($user, 'r'));
//print_r($modules);
$smarty->assign_by_ref('assignables', $assignables);
$smarty->assign_by_ref('modules', $modules);
//print_r($modules);
include_once ('tiki-mytiki_shared.php');
ask_ticket('user-modules');
if ($prefs['feature_ajax'] == "y") {
......
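Review bot: The two separate calls `check_feature( 'feature_modulecontrols' )` and `check_feature( 'user_assigned_modules' )` required both features, and the replacement `$access->check_feature( array('feature_modulecontrols', 'user_assigned_modules') );` keeps that guarantee only if the array form means "all of these" rather than "any of these". accesslib is not part of this diff, so that is worth confirming, and a short comment such as `// both features must be enabled` above the call would record the intent. The checks also moved below `include_once ('lib/usermodules/usermoduleslib.php');`, so the library is now loaded before the request is known to be allowed.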
......@@ -3,29 +3,17 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-user_bookmarks.php,v 1.20 2007-10-12 07:55:32 nyloth Exp $
$section = 'mytiki';
require_once ('tiki-setup.php');
if ($prefs['feature_ajax'] == "y") {
require_once ('lib/ajax/ajaxlib.php');
}
include_once ('lib/bookmarks/bookmarklib.php');
if ($tiki_p_create_bookmarks != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You do not have permission to use this feature"));
$smarty->display("error.tpl");
die;
}
if (!$user) {
$smarty->assign('msg', tra("You must log in to use this feature"));
$smarty->display("error.tpl");
die;
}
if ($prefs['feature_user_bookmarks'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_user_bookmarks");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_user_bookmarks', '', 'community');
$access->check_user($user);
$access->check_permission('tiki_p_create_bookmarks');
if (!isset($_REQUEST["parentId"])) {
$_REQUEST["parentId"] = 0;
}
......
......@@ -3,28 +3,21 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-user_cached_bookmark.php,v 1.12 2007-10-12 07:55:32 nyloth Exp $
$section = 'mytiki';
require_once ('tiki-setup.php');
include_once ('lib/bookmarks/bookmarklib.php');
if (!$user) {
$smarty->assign('msg', tra("You must log in to use this feature"));
$smarty->display("error.tpl");
die;
}
if ($prefs['feature_user_bookmarks'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_user_bookmarks");
$smarty->display("error.tpl");
die;
}
if (!isset($_REQUEST["urlid"])) {
$smarty->assign('msg', tra("No url indicated"));
$smarty->display("error.tpl");
$access->check_feature('feature_user_bookmarks', '', 'community');
$access->check_user($user);
if (!isset($_REQUEST['urlid'])) {
$smarty->assign('msg', tra('No url indicated'));
$smarty->display('error.tpl');
die;
}
// Get a list of last changes to the Wiki database
$info = $bookmarklib->get_url($_REQUEST["urlid"]);
$info["refresh"] = $info["lastUpdated"];
$info = $bookmarklib->get_url($_REQUEST['urlid']);
$info['refresh'] = $info['lastUpdated'];
$smarty->assign_by_ref('info', $info);
$smarty->assign('ggcacheurl', 'http://google.com/search?q=cache:' . urlencode(strstr($info['url'], 'http://')));
$smarty->display('tiki-view_cache.tpl');
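Review bot: `$bookmarklib->get_url($_REQUEST['urlid'])` looks the bookmark up by a request-supplied id only, and nothing visible in this file ties the returned record to `$user`. Unless `get_url()` enforces ownership internally (not shown here), a record belonging to another account would be rendered by `tiki-view_cache.tpl`. After the lookup the script should stop when `$info` is empty or the record's owner is not `$user`, before `$info['lastUpdated']` is read. This page also makes no `check_permission()` call, whereas tiki-user_bookmarks.php in the same commit requires `tiki_p_create_bookmarks`.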
......@@ -3,20 +3,13 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-user_contacts_prefs.php,v 1.7.2.1 2007-11-04 22:08:05 nyloth Exp $
$section = 'mytiki';
require_once ('tiki-setup.php');
require_once ('lib/webmail/contactlib.php');
if (!$user) {
$smarty->assign('msg', tra("You must log in to use this feature"));
$smarty->display("error.tpl");
die;
}
if ($prefs['feature_contacts'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_contacts");
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_contacts', '', 'community');
$access->check_user($user);
if (!isset($cookietab)) { $cookietab = '1'; }
if (isset($_REQUEST['prefs'])) {
$tikilib->set_user_preference($user, 'user_contacts_default_view', $_REQUEST['user_contacts_default_view']);
......
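Review bot: The `if (isset($_REQUEST['prefs']))` branch calls `set_user_preference()` as its first statement with no `check_ticket()` visible before it, unlike the state-changing branches in tiki-theme_control_sections.php and tiki-user_assigned_modules.php in this commit. If no ticket check exists elsewhere in the file (the branch continues outside the hunk), the preference can be changed by a cross-site request. `$_REQUEST['user_contacts_default_view']` is also stored without `isset()` or an allow-list of accepted view names.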
......@@ -3,7 +3,6 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-user_information.php,v 1.45.2.4 2008-01-16 15:50:48 sylvieg Exp $
require_once ('tiki-setup.php');
if ($prefs['feature_ajax'] == "y") {
require_once ('lib/ajax/ajaxlib.php');
......@@ -29,14 +28,10 @@ if (isset($_REQUEST['userId'])) {
die;
}
} else {
if ($user) {
$userwatch = $user;
} else {
$smarty->assign('msg', tra("You are not logged in and no user indicated"));
$smarty->display("error.tpl");
die;
}
$access->check_user($user);
$userwatch = $user;
}
$smarty->assign('userwatch', $userwatch);
// Custom fields
$customfields = array();
......
......@@ -3,29 +3,17 @@
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: /cvsroot/tikiwiki/tiki/tiki-userfiles.php,v 1.22.2.1 2007-12-11 22:42:54 pkdille Exp $
$section = 'mytiki';
require_once ('tiki-setup.php');
if ($prefs['feature_ajax'] == "y") {
require_once ('lib/ajax/ajaxlib.php');
}
include_once ('lib/userfiles/userfileslib.php');
if ($prefs['feature_userfiles'] != 'y') {
$smarty->assign('msg', tra("This feature is disabled") . ": feature_userfiles");
$smarty->display("error.tpl");
die;
}
if (!$user) {
$smarty->assign('msg', tra("Must be logged to use this feature"));
$smarty->display("error.tpl");
die;
}
if ($tiki_p_userfiles != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied to use this feature"));
$smarty->display("error.tpl");
die;
}
$access->check_feature('feature_userfiles', '', 'community');
$access->check_user($user);
$access->check_permission('tiki_p_userfiles');
$quota = $userfileslib->userfiles_quota($user);
$limit = $prefs['userfiles_quota'] * 1024 * 1000;
if ($limit == 0) $limit = 999999999;
......