Timestamp:
Oct 21, 2006, 2:28:07 PM (18 years ago)
Author:
rub
Message:

Resolved Issue ID 0000356:

o Increase security on adviser mode

First of n modifications.
All the other modifications will be done on the BSF branch.

Merge branch-1_6 1568:1570 into BSF

File:
1 edited

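--- a/trunk/admin/notification_by_mail.php
+++ b/trunk/admin/notification_by_mail.php
@@ -420,5 +420,5 @@
     while ($nbm_user = mysql_fetch_array($result))
     {
-      if (isset($_POST['param_submit']))
+      if (isset($_POST['param_submit']) and !is_adviser())
       {
         if (isset($_POST[$nbm_user['param']]))
@@ -442,5 +442,5 @@
       // if the parameter is present in $_POST array (if a form is submited), we
       // override it with the submited value
-      if (isset($_POST[$nbm_user['param']]))
+      if (isset($_POST[$nbm_user['param']]) and !is_adviser())
       {
         $conf[$nbm_user['param']] = stripslashes($_POST[$nbm_user['param']]);
@@ -462,14 +462,17 @@
   case 'subscribe' :
   {
-    if (isset($_POST['falsify']) and isset($_POST['cat_true']))
-    {
-      $check_key_treated = unsubcribe_notification_by_mail(true, $_POST['cat_true']);
-      do_timeout_treatment('cat_true', $check_key_treated);
-    }
-    else
-    if (isset($_POST['trueify']) and isset($_POST['cat_false']))
-    {
-      $check_key_treated = subcribe_notification_by_mail(true, $_POST['cat_false']);
-      do_timeout_treatment('cat_false', $check_key_treated);
+    if (!is_adviser())
+    {
+      if (isset($_POST['falsify']) and isset($_POST['cat_true']))
+      {
+        $check_key_treated = unsubcribe_notification_by_mail(true, $_POST['cat_true']);
+        do_timeout_treatment('cat_true', $check_key_treated);
+      }
+      else
+      if (isset($_POST['trueify']) and isset($_POST['cat_false']))
+      {
+        $check_key_treated = subcribe_notification_by_mail(true, $_POST['cat_false']);
+        do_timeout_treatment('cat_false', $check_key_treated);
+      }
     }
     break;
@@ -478,5 +481,5 @@
   case 'send' :
   {
-    if (isset($_POST['send_submit']) and isset($_POST['send_selection']) and isset($_POST['send_customize_mail_content']))
+    if (isset($_POST['send_submit']) and isset($_POST['send_selection']) and isset($_POST['send_customize_mail_content']) and !is_adviser())
     {
       $check_key_treated = do_action_send_mail_notification('send', $_POST['send_selection'], stripslashes($_POST['send_customize_mail_content']));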
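Review bot: The adviser-mode restriction is enforced by repeating `!is_adviser()` at each POST condition separately (new lines 422, 444, 464 and 483), so any state-changing handler in this file that is not visible here, or one added later, stays writable unless the check is repeated by hand. A single guard evaluated once before the mode switch would make read-only the default for the whole page; where that is not practical, a comment at each site such as `// adviser mode is read-only: ignore every state-changing POST` would at least record the intent. A blocked request is also dropped silently, so reporting or logging when `is_adviser()` refuses a submit would let a refused mail send be told apart from a form that was never posted. The enclosing switch and loop start outside the visible hunks, so whether the remaining branches are already covered cannot be confirmed from this page.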