mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-06 14:46:56 +02:00
Code Issues Releases Wiki Activity

Bugtracker #4333 - verify link manage

Browse Source
This commit is contained in:
secretr
2008-02-24 00:04:19 +00:00
parent 1f6e7704ca
commit 63a33245fd
2 changed files with 32 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
e107_plugins/links_page/link_class.php
View File

@@ -11,9 +11,9 @@
| GNU General Public License (http://gnu.org). | GNU General Public License (http://gnu.org).
| |
| $Source: /cvs_backup/e107_0.8/e107_plugins/links_page/link_class.php,v $ | $Source: /cvs_backup/e107_0.8/e107_plugins/links_page/link_class.php,v $
| $Revision: 1.5 $ | $Revision: 1.6 $
| $Date: 2008-01-26 17:35:21 $ | $Date: 2008-02-24 00:04:19 $
| $Author: e107steved $ | $Author: secretr $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
@@ -481,6 +481,17 @@ class linkclass {
} }
} }
function verify_link_manage($id) {
global $sql;
if ($sql->db_Select("links_page", "link_author", "link_id='".intval($id)."' ")) {
$row = $sql->db_Fetch();
}
if(varset($row['link_author']) != USERID)
js_location(SITEURL);
}
function dbLinkCreate($mode='') { function dbLinkCreate($mode='') {
global $ns, $tp, $qs, $sql, $e107cache, $e_event, $linkspage_pref; global $ns, $tp, $qs, $sql, $e107cache, $e_event, $linkspage_pref;
@@ -553,6 +564,11 @@ class linkclass {
if (isset($qs[1]) && $qs[1] == 'edit' && !isset($_POST['submit'])) { if (isset($qs[1]) && $qs[1] == 'edit' && !isset($_POST['submit'])) {
if ($sql->db_Select("links_page", "*", "link_id='".intval($qs[2])."' ")) { if ($sql->db_Select("links_page", "*", "link_id='".intval($qs[2])."' ")) {
$row = $sql->db_Fetch(); $row = $sql->db_Fetch();
if($row['link_author'] != USERID) {
header('Location: '.SITEURL);
exit;
}
} }
} }

17
e107_plugins/links_page/links.php
View File

@@ -11,9 +11,9 @@
| GNU General Public License (http://gnu.org). | GNU General Public License (http://gnu.org).
| |
| $Source: /cvs_backup/e107_0.8/e107_plugins/links_page/links.php,v $ | $Source: /cvs_backup/e107_0.8/e107_plugins/links_page/links.php,v $
| $Revision: 1.6 $ | $Revision: 1.7 $
| $Date: 2008-02-20 20:28:23 $ | $Date: 2008-02-24 00:04:19 $
| $Author: lisa_ $ | $Author: secretr $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
require_once('../../class2.php'); require_once('../../class2.php');
@@ -106,6 +106,9 @@ if (isset($_POST['add_link'])) {
} }
if($qs[0] == "manage"){ if($qs[0] == "manage"){
if(check_class($linkspage_pref['link_manager_class'])){ if(check_class($linkspage_pref['link_manager_class'])){
$lc->verify_link_manage($qs[2]);
if(isset($linkspage_pref['link_directpost']) && $linkspage_pref['link_directpost']){ if(isset($linkspage_pref['link_directpost']) && $linkspage_pref['link_directpost']){
$lc -> dbLinkCreate(); $lc -> dbLinkCreate();
}else{ }else{
@@ -286,8 +289,14 @@ function displayPersonalManager()
} }
if (isset($delete) && $delete == 'main') if (isset($delete) && $delete == 'main')
{ {
$sql->db_Select("links_page", "link_category, link_order", "link_id='".intval($del_id)."'"); // Get the position of target in the order $sql->db_Select("links_page", "link_category, link_order, link_author", "link_id='".intval($del_id)."'"); // Get the position of target in the order
$row = $sql->db_Fetch(); $row = $sql->db_Fetch();
if($row['link_author'] != USERID) {
header('Location: '.SITEURL);
exit;
}
if (!is_object($sql2)){ $sql2 = new db; } if (!is_object($sql2)){ $sql2 = new db; }
$sql->db_Select("links_page", "link_id", "link_order>'".$row['link_order']."' && link_category='".intval($row['link_category'])."'"); $sql->db_Select("links_page", "link_id", "link_order>'".$row['link_order']."' && link_category='".intval($row['link_category'])."'");
while ($row = $sql->db_Fetch()) while ($row = $sql->db_Fetch())