Ignore:
Timestamp:
Sep 4, 2010, 9:16:02 PM (14 years ago)
Author:
nikrou
Message:

Fix incorrect use of permissions

Location:
extensions/user_tags/include
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • extensions/user_tags/include/t4u_admin_action.inc.php

    r6818 r6846  
    2525
    2626if (!empty($_GET['action']) && ($_GET['action']=='add')
    27     && isset($_POST['tags']) && $me->getPermission('add')) {
     27    && isset($_POST['tags']) && $plugin_config->getPermission('add') ) {
    2828  include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
    2929
     
    3939
    4040    echo json_encode($message);
    41     Log::getInstance()->debug('message envoyé');
    4241    exit();
    4342  } else {
    4443    redirect(get_absolute_root_url().$_POST['referer']);
    4544  }
    46 } elseif (!empty($_GET['action']) && $_GET['action']=='get' && $me->getPermission('add')) {
     45} elseif (!empty($_GET['action']) && $_GET['action']=='get' && $plugin_config->getPermission('add') ) {
    4746  include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
    4847     

  • extensions/user_tags/include/t4u_config.class.php

    r6813 r6846  
    9999  }
    100100 
    101   public function getActionUrl($action, $method='POST') {
    102     $url = get_root_url().'admin.php?page=plugin';
    103     $file = basename($this->plugin_dir) . '/' .'admin.php';
    104     if (strtoupper($method)=='POST') {
    105         $url .= '&section='.urlencode($file);     
    106         $url .= '&action='.urlencode($action);     
    107     } else {
    108         $url .= '&section='.$file;           
    109         $url .= '&action='.$action;           
    110     }
     101  public function getActionUrl($base_url, $action) {
     102    $url = $base_url;
     103    $url .= '&action='.$action;           
    111104
    112105    return $url;

  • extensions/user_tags/include/t4u_content.class.php

    r6818 r6846  
    4242    $template->assign('T4U_CSS', T4U_CSS);
    4343    $template->assign('T4U_IMGS', T4U_IMGS);
    44     $template->assign('T4U_ADD_SCRIPT', $this->plugin_config->getActionUrl('add', 'GET'));
    45     $template->assign('T4U_GET_SCRIPT', $this->plugin_config->getActionUrl('get', 'GET'));
     44    $template->assign('T4U_ADD_SCRIPT', $this->plugin_config->getActionUrl($picture['url'], 'add'));
     45    $template->assign('T4U_GET_SCRIPT', $this->plugin_config->getActionUrl($picture['url'], 'get'));
    4646    $template->assign('T4U_IMAGE_ID', $picture['id']);
    4747    $template->assign('T4U_REFERER', htmlentities($picture['url']));
     
    6060
    6161    return $content;
    62   }   
     62  }
    6363}
    6464?>
Note: See TracChangeset for help on using the changeset viewer.