mirror of https://github.com/e107inc/e107.git synced 2025-01-16 20:28:28 +01:00

Issue #2883 Permission fixes.

Cameron 2017-12-01 17:00:02 -08:00
parent 5014558f7b
commit 5e4c172c2f
6 changed files with 33 additions and 18 deletions


@ -156,7 +156,7 @@ function show_admins()
</td>
<td class='center'>
";
if($row['user_id'] != "1")
if($row['user_id'] != "1" && intval($row['user_id']) !== USERID)
{
$text .= "
".$frm->submit_image("edit_admin[{$row['user_id']}]", 'edit', 'edit', LAN_EDIT)."

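Review bot: The added `intval($row['user_id']) !== USERID` test in show_admins() only decides whether the edit and delete buttons are drawn for a row; the code that handles a submitted `edit_admin[...]` field is outside this hunk and needs the same two exclusions (user 1 and the current user) applied server-side. The strict `!==` also only matches when USERID is an integer, and its definition is not visible here, so `intval($row['user_id']) !== (int) USERID` would make the comparison independent of how the constant is defined. The body of show_admins() starts and ends outside the hunk.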

@ -56,6 +56,11 @@ if(USER && !getperms('0') && vartrue($pref['multilanguage']) && !getperms(e_LANG
$tmp = explode(".",ADMINPERMS);
foreach($tmp as $ln)
{
if(strlen($ln) < 3) // not a language perm.
{
continue;
}
if($lng->isValid($ln))
{
$redirect = deftrue("MULTILANG_SUBDOMAIN") ? $lng->subdomainUrl($ln) : e_SELF."?elan=".$ln;
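Review bot: The new `strlen($ln) < 3` filter classifies a permission token as "not a language" by length alone, so any non-language token of three or more characters still reaches `$lng->isValid($ln)` and the redirect depends on that call rejecting it. The threshold is a magic number with only `// not a language perm.` to explain it. A comment that states the invariant would help the next reader, for example `// core perm tokens are 1-2 chars; anything longer is validated by isValid() below`, if that is what the code relies on. The enclosing `if` block and the `foreach` continue outside the hunk.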


@ -2379,7 +2379,12 @@ class users_admin_form_ui extends e_admin_form_ui
// $uid = $this->getController()->getModel()->get('user_id');
$perms = $this->getController()->getModel()->get('user_perms');
if($mode == 'read' || (str_replace(".","",$perms) == '0'))
if($mode == 'filter' && getperms('3'))
{
return array(0=>LAN_NO, '1'=>LAN_YES);
}
if($mode == 'read' || (str_replace(".","",$perms) == '0') || !getperms('3'))
{
return $this->renderValue('user_admin',$curval,$att);
}
@ -2390,6 +2395,7 @@ class users_admin_form_ui extends e_admin_form_ui
}
}
@ -2443,10 +2449,9 @@ class users_admin_form_ui extends e_admin_form_ui
$perms = $this->getController()->getModel()->get('user_perms');
$uid = $this->getController()->getModel()->get('user_id');
if($mode == 'read' || (str_replace(".","",$perms) == '0' && $uid == USERID))
if($mode == 'read' || (str_replace(".","",$perms) == '0' && $uid == USERID) || !getperms('3'))
{
return e107::getUserPerms()->renderPerms($curval,$uid);
return e107::getUserPerms()->renderPerms($curval,$uid);
}
if($mode == 'write')
{
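Review bot: In the user_perms hunk the main-admin guard is `str_replace(".","",$perms) == '0' && $uid == USERID`, so it makes a main admin's permissions read-only only for that same account. A viewer who passes `getperms('3')` and opens a different account whose perms are '0' still reaches the `write` branch. The user_admin hunk above applies the same perms test without the `$uid == USERID` condition, which looks like the stricter rule; consider `if($mode == 'read' || str_replace(".","",$perms) == '0' || !getperms('3'))` here unless a check outside the hunk already covers it. Both methods only choose which widget is rendered, so the code that saves user_admin and user_perms needs its own `getperms('3')` check, which this section does not show.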


@ -1964,7 +1964,8 @@ Inverse 10 <span class="badge badge-inverse">10</span>
$active = '';
foreach ($array_functions as $key => $subitem)
{
if(!empty($subitem[3]) && !getperms($subitem[3]))
if(isset($subitem[3]) && $subitem[3] !== false && !getperms($subitem[3]))
{
continue;
}
@ -2077,8 +2078,7 @@ Inverse 10 <span class="badge badge-inverse">10</span>
// ------------------------------------------------------------------
// print_a($menu_vars);
// e107::getDebug()->log($menu_vars);
return e107::getNav()->admin('', $active, $menu_vars, $$tmpl, false, false);
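Review bot: The new filter `isset($subitem[3]) && $subitem[3] !== false && !getperms($subitem[3])` fails open: an entry with no index 3, or with `null` there, skips the permission test and is listed for every admin, exactly like an explicit `false`. Treating only a literal `false` as "no permission required" would be stricter, e.g. `$perm = isset($subitem[3]) ? $subitem[3] : '';` followed by `if($perm !== false && !getperms($perm))`, assuming `getperms('')` denies and no legacy entry relies on omitting the key. The same pattern is added for `$e107_vars[$act]['perm']` in the next file section. This loop only filters menu entries, so each linked page still has to enforce its own permission; the enclosing function starts and ends outside the hunk.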


@ -895,14 +895,15 @@ i.e-cat_users-32{ background-position: -555px 0; width: 32px; height: 32px; }
32 => array(e_ADMIN_ABS.'eurl.php', ADLAN_159, ADLAN_160, 'K', 1, E_16_EURL, E_32_EURL),
33 => array(e_ADMIN_ABS.'plugin.php', ADLAN_98, ADLAN_99, 'Z', 5 , E_16_PLUGMANAGER, E_32_PLUGMANAGER),
34 => array(e_ADMIN_ABS.'docs.php', ADLAN_12, ADLAN_13, '', 20, E_16_DOCS, E_32_DOCS),
34 => array(e_ADMIN_ABS.'docs.php', ADLAN_12, ADLAN_13, false, 20, E_16_DOCS, E_32_DOCS),
// TODO System Info.
// 35 => array('#TODO', 'System Info', 'System Information', '', 20, '', ''),
36 => array(e_ADMIN_ABS.'credits.php', LAN_CREDITS, LAN_CREDITS, '', 20, E_16_E107, E_32_E107),
36 => array(e_ADMIN_ABS.'credits.php', LAN_CREDITS, LAN_CREDITS, false, 20, E_16_E107, E_32_E107),
// 37 => array(e_ADMIN.'custom_field.php', ADLAN_161, ADLAN_162, 'U', 4, E_16_CUSTOMFIELD, E_32_CUSTOMFIELD),
38 => array(e_ADMIN_ABS.'comment.php', LAN_COMMENTMAN, LAN_COMMENTMAN, 'B', 5, E_16_COMMENT, E_32_COMMENT),
);
);
if($mode == 'legacy')
{
return $array_functions; // Old BC format.
@ -910,6 +911,8 @@ i.e-cat_users-32{ background-position: -555px 0; width: 32px; height: 32px; }
$newarray = asortbyindex($array_functions, 1);
$array_functions_assoc = $this->convert_core_icons($newarray);
if($mode == 'core') // Core links only.
{
@ -937,7 +940,7 @@ i.e-cat_users-32{ background-position: -555px 0; width: 32px; height: 32px; }
$array_functions_assoc[$key] = $val;
}
}
return $array_functions_assoc;
}
@ -1318,10 +1321,12 @@ i.e-cat_users-32{ background-position: -555px 0; width: 32px; height: 32px; }
unset($temp);
}
if(!is_array($e107_vars))
if(empty($e107_vars))
{
return;
return null;
}
$kpost = '';
$text = '';
@ -1353,7 +1358,7 @@ i.e-cat_users-32{ background-position: -555px 0; width: 32px; height: 32px; }
foreach (array_keys($e107_vars) as $act)
{
if (isset($e107_vars[$act]['perm']) && !getperms($e107_vars[$act]['perm'])) // check perms first.
if (isset($e107_vars[$act]['perm']) && $e107_vars[$act]['perm'] !== false && !getperms($e107_vars[$act]['perm'])) // check perms first.
{
continue;
}
@ -1475,7 +1480,7 @@ i.e-cat_users-32{ background-position: -555px 0; width: 32px; height: 32px; }
$START_SUB = $tmpl['start_sub'];
}
if (vartrue($e107_vars[$act]['sub']))
if(!empty($e107_vars[$act]['sub']))
{
$replace[6] = $id ? " id='eplug-nav-{$rid}-sub'" : '';
$replace[7] = ' '.varset($e107_vars[$act]['link_class'], 'e-expandit');
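Review bot: Replacing `if(!is_array($e107_vars))` with `if(empty($e107_vars))` lets a non-empty value that is not an array (a string, for example) through to `array_keys($e107_vars)` further down, which the old guard rejected. `if(empty($e107_vars) || !is_array($e107_vars))` keeps both protections. The function's start and end are outside these hunks, so the type of `$e107_vars` at its call sites cannot be confirmed from here.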


@ -815,7 +815,7 @@ if (isset($_POST['register']) && intval($pref['user_reg']) === 1)
if (vartrue($pref['allowEmailLogin']))
{ // Need to create separate password for email login
//$allData['data']['user_prefs'] = serialize(array('email_password' => $userMethods->HashPassword($savePassword, $allData['data']['user_email'])));
$allData['data']['user_prefs'] = e107::getArrayStorage()->serialize(array('email_password' => $userMethods->HashPassword($savePassword, $allData['data']['user_email'])));
$allData['data']['user_prefs'] = e107::serialize(array('email_password' => $userMethods->HashPassword($savePassword, $allData['data']['user_email'])));
}
$allData['data']['user_join'] = time();