Fixed a problem where visitors could post.

JT Smith 2002-06-22 18:25:20 +00:00
parent 1c39a556d6
commit 68b4baeb7e
2 changed files with 18 additions and 6 deletions


@ -203,9 +203,13 @@ sub www_view {
$html .= $_[0]->description;
$html = $_[0]->processMacros($html);
$html .= '<table width="100%" cellpadding=2 cellspacing=1 border=0><tr>'.
'<td align="right" valign="bottom" class="tableMenu"><a href="'.
'<td align="right" valign="bottom" class="tableMenu">';
if (WebGUI::Privilege::isInGroup($_[0]->get("groupToPost"))) {
$html .= '<a href="'.
WebGUI::URL::page('func=post&mid=new&wid='.$_[0]->get("wobjectId")).'">'.
WebGUI::International::get(17,$namespace).'</a> &middot; <a href="'.WebGUI::URL::page('func=search&wid='.$_[0]->get("wobjectId")).'">'
WebGUI::International::get(17,$namespace).'</a> &middot; ';
}
$html .= '<a href="'.WebGUI::URL::page('func=search&wid='.$_[0]->get("wobjectId")).'">'
.WebGUI::International::get(364).'</a></td></tr></table>';
$html .= '<table border=0 cellpadding=2 cellspacing=1 width="100%">';
$html .= '<tr><td class="tableHeader">'.WebGUI::International::get(229).'</td>
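Review bot: The `WebGUI::Privilege::isInGroup($_[0]->get("groupToPost"))` test added in www_view only hides the post link; nothing in this hunk shows the `func=post` handler or its save counterpart enforcing the same group, and the URL can still be requested directly. If those handlers do not already check `groupToPost`, the same test belongs there, because link visibility is not an access control. www_view starts and ends outside this hunk, so the handlers cannot be confirmed from here. A one-line comment above the `if`, such as `# UI only: the post handlers must enforce groupToPost themselves`, would keep that distinction visible to the next maintainer.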


@ -128,8 +128,12 @@ sub _traditionalView {
}
$sth->finish;
$output .= '<table width="100%" cellpadding=2 cellspacing=1 border=0><tr>'.
'<td align="right" class="tableMenu"><a href="'.WebGUI::URL::page('func=editSubmission&sid=new&wid='.
$_[0]->get("wobjectId")).'">'.WebGUI::International::get(20,$namespace).'</a> &middot; <a href="'
'<td align="right" class="tableMenu">';
if (WebGUI::Privilege::isInGroup($_[0]->get("groupToContribute"))) {
$output .= '<a href="'.WebGUI::URL::page('func=editSubmission&sid=new&wid='.
$_[0]->get("wobjectId")).'">'.WebGUI::International::get(20,$namespace).'</a> &middot; ';
}
$output .= '<a href="'
.WebGUI::URL::page('func=search&wid='.$_[0]->get("wobjectId")).'">'
.WebGUI::International::get(364).'</a></td></tr></table>';
$p = WebGUI::Paginator->new(WebGUI::URL::page(),\@row,$_[0]->get("submissionsPerPage"));
@ -428,7 +432,9 @@ sub www_editSubmission {
$submission{convertCarriageReturns} = 1;
$submission{userId} = $session{user}{userId};
}
if ($submission{userId} == $session{user}{userId} || WebGUI::Privilege::isInGroup($_[0]->get("groupToApprove"))) {
if (WebGUI::Privilege::isInGroup($_[0]->get("groupToContribute"))
|| $submission{userId} == $session{user}{userId}
|| WebGUI::Privilege::isInGroup($_[0]->get("groupToApprove"))) {
$output = '<h1>'.WebGUI::International::get(19,$namespace).'</h1>';
$f = WebGUI::HTMLForm->new;
$f->hidden("wid",$session{form}{wid});
@ -463,7 +469,9 @@ sub www_editSubmission {
sub www_editSubmissionSave {
my ($sqlAdd,$owner,$image,$attachment,$title);
($owner) = WebGUI::SQL->quickArray("select userId from UserSubmission_submission where submissionId='$session{form}{sid}'");
if ($owner == $session{user}{userId} || $session{form}{sid} eq "new" || WebGUI::Privilege::isInGroup($_[0]->get("groupToApprove"))) {
if ($owner == $session{user}{userId}
|| ($session{form}{sid} eq "new" && WebGUI::Privilege::isInGroup($_[0]->get("groupToContribute")))
|| WebGUI::Privilege::isInGroup($_[0]->get("groupToApprove"))) {
if ($session{form}{sid} eq "new") {
$session{form}{sid} = getNextId("submissionId");
WebGUI::SQL->write("insert into UserSubmission_submission (wobjectId,submissionId,userId,username)
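Review bot: In www_editSubmission the new `isInGroup(groupToContribute)` test is OR-ed into the existing condition, so it can only widen access: a member of that group now passes for every `sid`, not just new ones, and any caller who passed before still passes. If the context line `$submission{userId} = $session{user}{userId};` belongs to the `sid eq "new"` branch, which starts outside the hunk, the ownership clause is already true for every new submission regardless of group, so the form is not actually closed to visitors. Scoping the test the way www_editSubmissionSave does, `($session{form}{sid} eq "new" && WebGUI::Privilege::isInGroup($_[0]->get("groupToContribute")))`, with the ownership comparison applied only to existing submissions, would match the commit's intent and keep the two handlers consistent. Separately, the `where submissionId='$session{form}{sid}'` lookup in www_editSubmissionSave interpolates a form value into SQL before any privilege check runs; that value should be quoted or bound.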