oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

bugfix [ 1396957 ] Priv checks on DataForm

Browse source
This commit is contained in:
Roy Johnson 2006-01-11 00:27:24 +00:00
parent 2599a4c853
commit 8071a041fa
3 changed files with 27 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/changelog/6.x.x.txt
View file

@ -2,6 +2,8 @@
- Converted WebGUI to use a new object oriented session system. More details - Converted WebGUI to use a new object oriented session system. More details
in migation.txt. in migation.txt.
6.8.5
- fix [ 1396957 ] Insufficient privileges check on the DataForm
6.8.4 6.8.4
- fix [ 1395371 ] XSS Vulnerability in DataForm Entries - fix [ 1395371 ] XSS Vulnerability in DataForm Entries

16
lib/WebGUI/Asset/Wobject/DataForm.pm
View file

@ -16,6 +16,7 @@ use Tie::IxHash;
use WebGUI::DateTime; use WebGUI::DateTime;
use WebGUI::Form; use WebGUI::Form;
use WebGUI::FormProcessor; use WebGUI::FormProcessor;
use WebGUI::Grouping;
use WebGUI::HTML; use WebGUI::HTML;
use WebGUI::HTMLForm; use WebGUI::HTMLForm;
use WebGUI::HTTP; use WebGUI::HTTP;
@ -169,7 +170,11 @@ sub definition {
defaultView=>{ defaultView=>{
defaultValue=>0, defaultValue=>0,
fieldType=>"integer" fieldType=>"integer"
} },
groupToViewEntries=>{
defaultValue=>7,
fieldType=>"group"
},
} }
}); });
return $class->SUPER::definition($definition); return $class->SUPER::definition($definition);
@ -261,6 +266,14 @@ sub getEditForm {
-hoverHelp=>WebGUI::International::get('74 description',"Asset_DataForm"), -hoverHelp=>WebGUI::International::get('74 description',"Asset_DataForm"),
-value=>$self->getValue("mailData") -value=>$self->getValue("mailData")
); );
$tabform->getTab("security")->group(
-name=>"groupToViewEntries",
-label=>WebGUI::International::get('group to view entries', "Asset_DataForm"),
-hoverHelp=>WebGUI::International::get('group to view entries description',"Asset_DataForm"),
-value=>$self->getValue("groupToViewEntries")
);
if ($self->getId eq "new" && $self->session->form->process("proceed") ne "manageAssets") { if ($self->getId eq "new" && $self->session->form->process("proceed") ne "manageAssets") {
$tabform->getTab("properties")->whatNext( $tabform->getTab("properties")->whatNext(
-options=>{ -options=>{
@ -652,6 +665,7 @@ sub view {
sub viewList { sub viewList {
my $self = shift; my $self = shift;
return WebGUI::Privilege::insufficient() unless (WebGUI::Grouping::isInGroup($self->get("groupToViewEntries")));
return $self->processTemplate($self->getListTemplateVars,$self->get("listTemplateId")); return $self->processTemplate($self->getListTemplateVars,$self->get("listTemplateId"));
} }

10
lib/WebGUI/i18n/English/Asset_DataForm.pm
View file

@ -1,6 +1,16 @@
package WebGUI::i18n::English::Asset_DataForm; package WebGUI::i18n::English::Asset_DataForm;
our $I18N = { our $I18N = {
'group to view entries' => {
message => q|Group To View DataForm Entries|,
lastUpdated => 1057208065
},
'group to view entries description' => {
message => q|Members of this group will have the ability to view data submitted to this DataForm Asset.|,
lastUpdated => 1057208065
},
'90' => { '90' => {
message => q|Delete this entry.|, message => q|Delete this entry.|,
lastUpdated => 1057208065 lastUpdated => 1057208065