Project

General

Profile

« Previous | Next » 

Revision 319

Added by stefan over 18 years ago

Added permission check to admin/pages/add.php to fix ticket #68. Also used get_page_permission, get_user_details, get_page_details in some places.

View differences:

add.php
39 39 
$admin_groups = $admin->get_post('admin_groups');
40 40 
$viewing_groups = $admin->get_post('viewing_groups');
41 41 

  		




  
  42
  
    
if ($parent!=0) {


  		




  
  43
  
    
	if (!$admin->get_page_permission($parent,'admin'))


  		




  
  44
  
    
		$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);


  		




  
  45
  
    
} elseif (!$admin->get_permission('pages_add_l0','system')) {


  		




  
  46
  
    
	$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);


  		




  
  47
  
    
}	


  		




  
  48
  
    

  		




  42
  49
  
    
// Validate data


  		




  43
  50
  
    
if($title == '') {


  		




  44
  51
  
    
	$admin->print_error($MESSAGE['PAGES']['BLANK_TITLE']);


  		




  ......




  74
  81
  
    
}


  		




  75
  82
  
    

  		




  76
  83
  
    
// Check if a page with same page filename exists


  		




  77
  
  
    
$database = new database();


  		




  78
  84
  
    
$get_same_page = $database->query("SELECT page_id FROM ".TABLE_PREFIX."pages WHERE link = '$link'");


  		




  79
  85
  
    
if($get_same_page->numRows() > 0 OR file_exists(WB_PATH.PAGES_DIRECTORY.$link.'.php') OR file_exists(WB_PATH.PAGES_DIRECTORY.$link.'/')) {


  		




  80
  86
  
    
	$admin->print_error($MESSAGE['PAGES']['PAGE_EXISTS']);


  		




  ......




  99
  105
  
    

  		




  100
  106
  
    
// Insert page into pages table


  		




  101
  107
  
    
$query = "INSERT INTO ".TABLE_PREFIX."pages (page_title,menu_title,parent,template,target,position,visibility,searching,menu,language,admin_groups,viewing_groups,modified_when,modified_by) VALUES ('$title','$title','$parent','$template','_top','$position','$visibility','1','1','".DEFAULT_LANGUAGE."','$admin_groups','$viewing_groups','".mktime()."','".$admin->get_user_id()."')";


  		




  102
  
  
    
$database = new database();


  		




  103
  108
  
    
$database->query($query);


  		




  104
  109
  
    
if($database->is_error()) {


  		




  105
  110
  
    
	$admin->print_error($database->get_error());


  		












Also available in:  Unified diff