mirror of
https://github.com/e107inc/e107.git
synced 2025-04-19 20:21:51 +02:00
Bugtracker #4333 - verify link manage
This commit is contained in:
secretr
parent
1f6e7704ca
commit
63a33245fd
@ -11,9 +11,9 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_plugins/links_page/link_class.php,v $
|
||||
| $Revision: 1.5 $
|
||||
| $Date: 2008-01-26 17:35:21 $
|
||||
| $Author: e107steved $
|
||||
| $Revision: 1.6 $
|
||||
| $Date: 2008-02-24 00:04:19 $
|
||||
| $Author: secretr $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
|
||||
@ -480,6 +480,17 @@ class linkclass {
|
||||
$sql->db_Update("links_page_cat", "link_category_order=link_category_order+1 WHERE link_category_id='$linkid' ");
|
||||
}
|
||||
}
|
||||
|
||||
function verify_link_manage($id) {
|
||||
global $sql;
|
||||
|
||||
if ($sql->db_Select("links_page", "link_author", "link_id='".intval($id)."' ")) {
|
||||
$row = $sql->db_Fetch();
|
||||
}
|
||||
|
||||
if(varset($row['link_author']) != USERID)
|
||||
js_location(SITEURL);
|
||||
}
|
||||
|
||||
function dbLinkCreate($mode='') {
|
||||
global $ns, $tp, $qs, $sql, $e107cache, $e_event, $linkspage_pref;
|
||||
@ -553,6 +564,11 @@ class linkclass {
|
||||
if (isset($qs[1]) && $qs[1] == 'edit' && !isset($_POST['submit'])) {
|
||||
if ($sql->db_Select("links_page", "*", "link_id='".intval($qs[2])."' ")) {
|
||||
$row = $sql->db_Fetch();
|
||||
|
||||
if($row['link_author'] != USERID) {
|
||||
header('Location: '.SITEURL);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -11,9 +11,9 @@
|
||||
| GNU General Public License (http://gnu.org).
|
||||
|
|
||||
| $Source: /cvs_backup/e107_0.8/e107_plugins/links_page/links.php,v $
|
||||
| $Revision: 1.6 $
|
||||
| $Date: 2008-02-20 20:28:23 $
|
||||
| $Author: lisa_ $
|
||||
| $Revision: 1.7 $
|
||||
| $Date: 2008-02-24 00:04:19 $
|
||||
| $Author: secretr $
|
||||
+----------------------------------------------------------------------------+
|
||||
*/
|
||||
require_once('../../class2.php');
|
||||
@ -106,6 +106,9 @@ if (isset($_POST['add_link'])) {
|
||||
}
|
||||
if($qs[0] == "manage"){
|
||||
if(check_class($linkspage_pref['link_manager_class'])){
|
||||
|
||||
$lc->verify_link_manage($qs[2]);
|
||||
|
||||
if(isset($linkspage_pref['link_directpost']) && $linkspage_pref['link_directpost']){
|
||||
$lc -> dbLinkCreate();
|
||||
}else{
|
||||
@ -286,8 +289,14 @@ function displayPersonalManager()
|
||||
}
|
||||
if (isset($delete) && $delete == 'main')
|
||||
{
|
||||
$sql->db_Select("links_page", "link_category, link_order", "link_id='".intval($del_id)."'"); // Get the position of target in the order
|
||||
$sql->db_Select("links_page", "link_category, link_order, link_author", "link_id='".intval($del_id)."'"); // Get the position of target in the order
|
||||
|
||||
$row = $sql->db_Fetch();
|
||||
if($row['link_author'] != USERID) {
|
||||
header('Location: '.SITEURL);
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!is_object($sql2)){ $sql2 = new db; }
|
||||
$sql->db_Select("links_page", "link_id", "link_order>'".$row['link_order']."' && link_category='".intval($row['link_category'])."'");
|
||||
while ($row = $sql->db_Fetch())
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user