Changeset 1571


Timestamp:
Oct 21, 2006, 2:28:07 PM (17 years ago)
Author:
rub
Message:

Resolved Issue ID 0000356:

o Increase security on adviser mode

First of n modifications.
All the other modifications will be done on the BSF branch.

Merge branch-1_6 1568:1570 into BSF

Location:
trunk
Files:
7 edited

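--- a/trunk/admin/comments.php
+++ b/trunk/admin/comments.php
@@ -47,5 +47,5 @@
   $to_reject = array();
 
-  if (isset($_POST['submit']))
+  if (isset($_POST['submit']) and !is_adviser())
   {   
     foreach (explode(',', $_POST['list']) as $comment_id)
@@ -69,9 +69,9 @@
     }
   }
-  else if (isset($_POST['validate-all']) and !empty($_POST['list']))
+  else if (isset($_POST['validate-all']) and !empty($_POST['list']) and !is_adviser())
   {
     $to_validate = explode(',', $_POST['list']);
   }
-  else if (isset($_POST['reject-all']) and !empty($_POST['list']))
+  else if (isset($_POST['reject-all']) and !empty($_POST['list']) and !is_adviser())
   {
     $to_reject = explode(',', $_POST['list']);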
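Review bot: The `!is_adviser()` test is appended separately to each of the three branch conditions here, and the same per-condition pattern repeats in configuration.php, notification_by_mail.php, picture_modify.php and tags.php, so any POST handler this changeset does not touch stays writable in adviser mode. A single deny placed ahead of the POST handling would fail closed for handlers added later, which matters because the commit message says further modifications are still to come. One way is to compute the flag once, e.g. `$write_allowed = !is_adviser();`, and test it in one enclosing `if` around the whole `if / else if` chain. The chain continues outside the visible hunks, so whether a trailing `else` exists cannot be checked from here.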
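--- a/trunk/admin/configuration.php
+++ b/trunk/admin/configuration.php
@@ -48,5 +48,5 @@
 }
 //------------------------------ verification and registration of modifications
-if (isset($_POST['submit']))
+if (isset($_POST['submit']) and !is_adviser())
 {
   $int_pattern = '/^\d+$/';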
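--- a/trunk/admin/notification_by_mail.php
+++ b/trunk/admin/notification_by_mail.php
@@ -420,5 +420,5 @@
     while ($nbm_user = mysql_fetch_array($result))
     {
-      if (isset($_POST['param_submit']))
+      if (isset($_POST['param_submit']) and !is_adviser())
       {
         if (isset($_POST[$nbm_user['param']]))
@@ -442,5 +442,5 @@
       // if the parameter is present in $_POST array (if a form is submited), we
       // override it with the submited value
-      if (isset($_POST[$nbm_user['param']]))
+      if (isset($_POST[$nbm_user['param']]) and !is_adviser())
       {
         $conf[$nbm_user['param']] = stripslashes($_POST[$nbm_user['param']]);
@@ -462,14 +462,17 @@
   case 'subscribe' :
   {
-    if (isset($_POST['falsify']) and isset($_POST['cat_true']))
-    {
-      $check_key_treated = unsubcribe_notification_by_mail(true, $_POST['cat_true']);
-      do_timeout_treatment('cat_true', $check_key_treated);
-    }
-    else
-    if (isset($_POST['trueify']) and isset($_POST['cat_false']))
-    {
-      $check_key_treated = subcribe_notification_by_mail(true, $_POST['cat_false']);
-      do_timeout_treatment('cat_false', $check_key_treated);
+    if (!is_adviser())
+    {
+      if (isset($_POST['falsify']) and isset($_POST['cat_true']))
+      {
+        $check_key_treated = unsubcribe_notification_by_mail(true, $_POST['cat_true']);
+        do_timeout_treatment('cat_true', $check_key_treated);
+      }
+      else
+      if (isset($_POST['trueify']) and isset($_POST['cat_false']))
+      {
+        $check_key_treated = subcribe_notification_by_mail(true, $_POST['cat_false']);
+        do_timeout_treatment('cat_false', $check_key_treated);
+      }
     }
     break;
@@ -478,5 +481,5 @@
   case 'send' :
   {
-    if (isset($_POST['send_submit']) and isset($_POST['send_selection']) and isset($_POST['send_customize_mail_content']))
+    if (isset($_POST['send_submit']) and isset($_POST['send_selection']) and isset($_POST['send_customize_mail_content']) and !is_adviser())
     {
       $check_key_treated = do_action_send_mail_notification('send', $_POST['send_selection'], stripslashes($_POST['send_customize_mail_content']));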
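Review bot: The comment at new lines 442-443 still says a parameter present in `$_POST` overrides the stored value, which is no longer the whole rule now that line 444 also requires `!is_adviser()`. I would extend it to something like `// override it with the submitted value, unless the user is in adviser mode (POSTed values are then ignored)`. The new `if (!is_adviser())` wrapper in the `subscribe` case likewise deserves a one-line comment stating that subscription changes are dropped without a message for advisers, since no feedback is produced on that path in the visible lines. The enclosing `while` loop and `switch` start and end outside these hunks.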
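--- a/trunk/admin/picture_modify.php
+++ b/trunk/admin/picture_modify.php
@@ -71,5 +71,5 @@
 }
 
-if (isset($_POST['submit']) and count($page['errors']) == 0)
+if (isset($_POST['submit']) and count($page['errors']) == 0 and !is_adviser())
 {
   $data = array();
@@ -120,5 +120,7 @@
 if (isset($_POST['associate'])
     and isset($_POST['cat_dissociated'])
-    and count($_POST['cat_dissociated']) > 0)
+    and count($_POST['cat_dissociated']) > 0
+    and !is_adviser()
+  )
 {
   associate_images_to_categories(
@@ -130,5 +132,7 @@
 if (isset($_POST['dissociate'])
     and isset($_POST['cat_associated'])
-    and count($_POST['cat_associated']) > 0)
+    and count($_POST['cat_associated']) > 0
+    and !is_adviser()
+  )
 {
   $query = '
@@ -144,5 +148,7 @@
 if (isset($_POST['elect'])
     and isset($_POST['cat_dismissed'])
-    and count($_POST['cat_dismissed']) > 0)
+    and count($_POST['cat_dismissed']) > 0
+    and !is_adviser()
+  )
 {
   $datas = array();
@@ -160,5 +166,7 @@
 if (isset($_POST['dismiss'])
     and isset($_POST['cat_elected'])
-    and count($_POST['cat_elected']) > 0)
+    and count($_POST['cat_elected']) > 0
+    and !is_adviser()
+  )
 {
   set_random_representant($_POST['cat_elected']);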
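Review bot: The four category conditions (`associate`, `dissociate`, `elect`, `dismiss`) still rely on `count($_POST[...]) > 0` alone to validate the submitted list, and `count()` on a scalar does not prove the value is an array (older PHP returns 1 for a string, PHP 8 throws a TypeError). Since these conditions are being rewritten anyway, adding `and is_array($_POST['cat_dissociated'])` before the `count()` test, with the matching key in the other three conditions, would keep a malformed field away from `associate_images_to_categories()`, `set_random_representant()` and the query built below. How those callees treat their argument is not visible in these hunks, so this is a precaution rather than a confirmed flaw.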
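--- a/trunk/admin/tags.php
+++ b/trunk/admin/tags.php
@@ -38,5 +38,5 @@
 // +-----------------------------------------------------------------------+
 
-if (isset($_POST['submit']))
+if (isset($_POST['submit']) and !is_adviser())
 {
   $query = '
@@ -111,5 +111,5 @@
 // +-----------------------------------------------------------------------+
 
-if (isset($_POST['delete']) and isset($_POST['tags']))
+if (isset($_POST['delete']) and isset($_POST['tags']) and !is_adviser())
 {
   $query = '
@@ -148,5 +148,5 @@
 // +-----------------------------------------------------------------------+
 
-if (isset($_POST['add']) and !empty($_POST['add_tag']))
+if (isset($_POST['add']) and !empty($_POST['add_tag']) and !is_adviser())
 {
   $tag_name = $_POST['add_tag'];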
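--- a/trunk/template/yoga/admin/comments.tpl
+++ b/trunk/template/yoga/admin/comments.tpl
@@ -17,6 +17,6 @@
     <input type="hidden" name="list" value="{LIST}" />
     <input type="submit" name="submit" value="{lang:Submit}" {TAG_INPUT_ENABLED}/>
-    <input type="submit" name="validate-all" value="{lang:Validate All}" />
-    <input type="submit" name="reject-all" value="{lang:Reject All}" />
+    <input type="submit" name="validate-all" value="{lang:Validate All}" {TAG_INPUT_ENABLED}/>
+    <input type="submit" name="reject-all" value="{lang:Reject All}" {TAG_INPUT_ENABLED}/>
     <input type="reset" value="{lang:Reset}" />
   </p>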
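--- a/trunk/template/yoga/admin/tags.tpl
+++ b/trunk/template/yoga/admin/tags.tpl
@@ -46,5 +46,5 @@
 
     <p>
-      <input type="submit" name="edit" value="{lang:Edit selected tags}" {TAG_INPUT_ENABLED}/>
+      <input type="submit" name="edit" value="{lang:Edit selected tags}"/>
       <input type="submit" name="delete" value="{lang:Delete selected tags}" onclick="return confirm('{lang:Are you sure?}');" {TAG_INPUT_ENABLED}/>
     </p>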
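Review bot: Dropping `{TAG_INPUT_ENABLED}` from the `edit` button makes it the one tags action advisers can still submit, while the tags.php hunks in this changeset add `!is_adviser()` only to the `submit`, `delete` and `add` handlers. That is consistent if the `edit` handler only renders the edit form and the actual write happens under `submit`, but that handler is not among the visible hunks and should be checked before relying on it. A short template comment next to the button explaining why it stays enabled (assuming the placeholder expands to a disabling attribute in adviser mode) would keep a later cleanup from re-disabling it or from copying the pattern onto a button that writes.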