mirror of https://github.com/e107inc/e107.git synced 2025-01-17 04:38:27 +01:00

Issue #2883 Permission fixes.

Cameron 2017-12-01 17:00:02 -08:00
parent 5014558f7b
commit 5e4c172c2f
6 changed files with 33 additions and 18 deletions


@ -156,7 +156,7 @@ function show_admins()
</td> </td>
<td class='center'> <td class='center'>
"; ";
if($row['user_id'] != "1") if($row['user_id'] != "1" && intval($row['user_id']) !== USERID)
{ {
$text .= " $text .= "
".$frm->submit_image("edit_admin[{$row['user_id']}]", 'edit', 'edit', LAN_EDIT)." ".$frm->submit_image("edit_admin[{$row['user_id']}]", 'edit', 'edit', LAN_EDIT)."

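Review bot: The added `intval($row['user_id']) !== USERID` in show_admins() only excludes the current admin's own row if USERID is an integer; with a string-typed constant the strict comparison is always true and the edit control stays on that row. Casting both sides, `(int) $row['user_id'] !== (int) USERID`, removes the dependence on how the constant is defined. USERID's definition is not visible here, and show_admins() continues outside the hunk.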

@ -56,6 +56,11 @@ if(USER && !getperms('0') && vartrue($pref['multilanguage']) && !getperms(e_LANG
$tmp = explode(".",ADMINPERMS); $tmp = explode(".",ADMINPERMS);
foreach($tmp as $ln) foreach($tmp as $ln)
{ {
if(strlen($ln) < 3) // not a language perm.
{
continue;
}
if($lng->isValid($ln)) if($lng->isValid($ln))
{ {
$redirect = deftrue("MULTILANG_SUBDOMAIN") ? $lng->subdomainUrl($ln) : e_SELF."?elan=".$ln; $redirect = deftrue("MULTILANG_SUBDOMAIN") ? $lng->subdomainUrl($ln) : e_SELF."?elan=".$ln;
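Review bot: The added `strlen($ln) < 3` guard filters by length only, so any ADMINPERMS entry of three or more characters that is not a language perm still reaches `$lng->isValid($ln)` and, if accepted, the redirect. Why shorter entries were being treated as languages is not visible in this hunk, and the inline comment does not say where the threshold comes from. A fuller comment would help the next maintainer, for example `// ADMINPERMS mixes core perm codes with language perms; entries under 3 chars are never languages`, if that is the intended rule. The enclosing `if(USER && ...)` block continues outside the hunk.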


@ -2379,7 +2379,12 @@ class users_admin_form_ui extends e_admin_form_ui
// $uid = $this->getController()->getModel()->get('user_id'); // $uid = $this->getController()->getModel()->get('user_id');
$perms = $this->getController()->getModel()->get('user_perms'); $perms = $this->getController()->getModel()->get('user_perms');
if($mode == 'read' || (str_replace(".","",$perms) == '0')) if($mode == 'filter' && getperms('3'))
{
return array(0=>LAN_NO, '1'=>LAN_YES);
}
if($mode == 'read' || (str_replace(".","",$perms) == '0') || !getperms('3'))
{ {
return $this->renderValue('user_admin',$curval,$att); return $this->renderValue('user_admin',$curval,$att);
} }
@ -2390,6 +2395,7 @@ class users_admin_form_ui extends e_admin_form_ui
} }
} }
@ -2443,10 +2449,9 @@ class users_admin_form_ui extends e_admin_form_ui
$perms = $this->getController()->getModel()->get('user_perms'); $perms = $this->getController()->getModel()->get('user_perms');
$uid = $this->getController()->getModel()->get('user_id'); $uid = $this->getController()->getModel()->get('user_id');
if($mode == 'read' || (str_replace(".","",$perms) == '0' && $uid == USERID)) if($mode == 'read' || (str_replace(".","",$perms) == '0' && $uid == USERID) || !getperms('3'))
{ {
return e107::getUserPerms()->renderPerms($curval,$uid);
return e107::getUserPerms()->renderPerms($curval,$uid);
} }
if($mode == 'write') if($mode == 'write')
{ {
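Review bot: The added `!getperms('3')` conditions only make the admin-status and permissions fields render read-only; nothing in these hunks stops an admin without perm '3' from submitting those fields in a request anyway. If the controller's save path does not already drop or reject them for such admins, the same `getperms('3')` test belongs there, since that is where privilege changes are actually applied. A short comment on each condition, such as `// only admins with perm '3' may change admin status or perms`, would also document the rule. Both methods start and end outside the hunks shown.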


@ -1964,7 +1964,8 @@ Inverse 10 <span class="badge badge-inverse">10</span>
$active = ''; $active = '';
foreach ($array_functions as $key => $subitem) foreach ($array_functions as $key => $subitem)
{ {
if(!empty($subitem[3]) && !getperms($subitem[3]))
if(isset($subitem[3]) && $subitem[3] !== false && !getperms($subitem[3]))
{ {
continue; continue;
} }
@ -2077,8 +2078,7 @@ Inverse 10 <span class="badge badge-inverse">10</span>
// ------------------------------------------------------------------ // ------------------------------------------------------------------
// print_a($menu_vars); // e107::getDebug()->log($menu_vars);
return e107::getNav()->admin('', $active, $menu_vars, $$tmpl, false, false); return e107::getNav()->admin('', $active, $menu_vars, $$tmpl, false, false);
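Review bot: The new test `isset($subitem[3]) && $subitem[3] !== false` makes an unset slot or `false` the only values meaning "no permission required", while an empty string is now passed to `getperms('')`; that convention is not written down in the hunk. Entries that still carry `''` in the perm slot will be shown or hidden depending on how getperms() treats an empty string, which is not visible here. Suggest a comment above the check, `// unset or false = no permission needed; any other value, including '0', goes to getperms()`, and the same on the matching `$e107_vars[$act]['perm'] !== false` check in the -1353 hunk of the next file. The loop's enclosing function lies outside the hunk.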


@ -895,14 +895,15 @@ i.e-cat_users-32{ background-position: -555px 0; width: 32px; height: 32px; }
32 => array(e_ADMIN_ABS.'eurl.php', ADLAN_159, ADLAN_160, 'K', 1, E_16_EURL, E_32_EURL), 32 => array(e_ADMIN_ABS.'eurl.php', ADLAN_159, ADLAN_160, 'K', 1, E_16_EURL, E_32_EURL),
33 => array(e_ADMIN_ABS.'plugin.php', ADLAN_98, ADLAN_99, 'Z', 5 , E_16_PLUGMANAGER, E_32_PLUGMANAGER), 33 => array(e_ADMIN_ABS.'plugin.php', ADLAN_98, ADLAN_99, 'Z', 5 , E_16_PLUGMANAGER, E_32_PLUGMANAGER),
34 => array(e_ADMIN_ABS.'docs.php', ADLAN_12, ADLAN_13, '', 20, E_16_DOCS, E_32_DOCS), 34 => array(e_ADMIN_ABS.'docs.php', ADLAN_12, ADLAN_13, false, 20, E_16_DOCS, E_32_DOCS),
// TODO System Info. // TODO System Info.
// 35 => array('#TODO', 'System Info', 'System Information', '', 20, '', ''), // 35 => array('#TODO', 'System Info', 'System Information', '', 20, '', ''),
36 => array(e_ADMIN_ABS.'credits.php', LAN_CREDITS, LAN_CREDITS, '', 20, E_16_E107, E_32_E107), 36 => array(e_ADMIN_ABS.'credits.php', LAN_CREDITS, LAN_CREDITS, false, 20, E_16_E107, E_32_E107),
// 37 => array(e_ADMIN.'custom_field.php', ADLAN_161, ADLAN_162, 'U', 4, E_16_CUSTOMFIELD, E_32_CUSTOMFIELD), // 37 => array(e_ADMIN.'custom_field.php', ADLAN_161, ADLAN_162, 'U', 4, E_16_CUSTOMFIELD, E_32_CUSTOMFIELD),
38 => array(e_ADMIN_ABS.'comment.php', LAN_COMMENTMAN, LAN_COMMENTMAN, 'B', 5, E_16_COMMENT, E_32_COMMENT), 38 => array(e_ADMIN_ABS.'comment.php', LAN_COMMENTMAN, LAN_COMMENTMAN, 'B', 5, E_16_COMMENT, E_32_COMMENT),
); );
if($mode == 'legacy') if($mode == 'legacy')
{ {
return $array_functions; // Old BC format. return $array_functions; // Old BC format.
@ -910,6 +911,8 @@ i.e-cat_users-32{ background-position: -555px 0; width: 32px; height: 32px; }
$newarray = asortbyindex($array_functions, 1); $newarray = asortbyindex($array_functions, 1);
$array_functions_assoc = $this->convert_core_icons($newarray); $array_functions_assoc = $this->convert_core_icons($newarray);
if($mode == 'core') // Core links only. if($mode == 'core') // Core links only.
{ {
@ -937,7 +940,7 @@ i.e-cat_users-32{ background-position: -555px 0; width: 32px; height: 32px; }
$array_functions_assoc[$key] = $val; $array_functions_assoc[$key] = $val;
} }
} }
return $array_functions_assoc; return $array_functions_assoc;
} }
@ -1318,10 +1321,12 @@ i.e-cat_users-32{ background-position: -555px 0; width: 32px; height: 32px; }
unset($temp); unset($temp);
} }
if(!is_array($e107_vars)) if(empty($e107_vars))
{ {
return; return null;
} }
$kpost = ''; $kpost = '';
$text = ''; $text = '';
@ -1353,7 +1358,7 @@ i.e-cat_users-32{ background-position: -555px 0; width: 32px; height: 32px; }
foreach (array_keys($e107_vars) as $act) foreach (array_keys($e107_vars) as $act)
{ {
if (isset($e107_vars[$act]['perm']) && !getperms($e107_vars[$act]['perm'])) // check perms first. if (isset($e107_vars[$act]['perm']) && $e107_vars[$act]['perm'] !== false && !getperms($e107_vars[$act]['perm'])) // check perms first.
{ {
continue; continue;
} }
@ -1475,7 +1480,7 @@ i.e-cat_users-32{ background-position: -555px 0; width: 32px; height: 32px; }
$START_SUB = $tmpl['start_sub']; $START_SUB = $tmpl['start_sub'];
} }
if (vartrue($e107_vars[$act]['sub'])) if(!empty($e107_vars[$act]['sub']))
{ {
$replace[6] = $id ? " id='eplug-nav-{$rid}-sub'" : ''; $replace[6] = $id ? " id='eplug-nav-{$rid}-sub'" : '';
$replace[7] = ' '.varset($e107_vars[$act]['link_class'], 'e-expandit'); $replace[7] = ' '.varset($e107_vars[$act]['link_class'], 'e-expandit');
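Review bot: Replacing `!is_array($e107_vars)` with `empty($e107_vars)` in the -1318 hunk lets a non-empty non-array value through the guard, and the `array_keys($e107_vars)` loop in the -1353 hunk would then fail (a warning on older PHP, a TypeError on PHP 8), assuming both hunks belong to the same function. Keeping both tests, `if(empty($e107_vars) || !is_array($e107_vars))`, preserves the old protection while still returning early for an empty array. The function's signature is outside the hunks, so whether callers can pass a non-array is not visible.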


@ -815,7 +815,7 @@ if (isset($_POST['register']) && intval($pref['user_reg']) === 1)
if (vartrue($pref['allowEmailLogin'])) if (vartrue($pref['allowEmailLogin']))
{ // Need to create separate password for email login { // Need to create separate password for email login
//$allData['data']['user_prefs'] = serialize(array('email_password' => $userMethods->HashPassword($savePassword, $allData['data']['user_email']))); //$allData['data']['user_prefs'] = serialize(array('email_password' => $userMethods->HashPassword($savePassword, $allData['data']['user_email'])));
$allData['data']['user_prefs'] = e107::getArrayStorage()->serialize(array('email_password' => $userMethods->HashPassword($savePassword, $allData['data']['user_email']))); $allData['data']['user_prefs'] = e107::serialize(array('email_password' => $userMethods->HashPassword($savePassword, $allData['data']['user_email'])));
} }
$allData['data']['user_join'] = time(); $allData['data']['user_join'] = time();