[Mapbender-commits] r2524 - branches/beck_dev/mapbender/http/php
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Fri Jun 20 11:39:00 EDT 2008
Author: christoph
Date: 2008-06-20 11:39:00 -0400 (Fri, 20 Jun 2008)
New Revision: 2524
Modified:
branches/beck_dev/mapbender/http/php/mod_editApplication.php
branches/beck_dev/mapbender/http/php/mod_editElements.php
Log:
added
security check
link in edit elements
dynamic gui selection
Modified: branches/beck_dev/mapbender/http/php/mod_editApplication.php
===================================================================
--- branches/beck_dev/mapbender/http/php/mod_editApplication.php 2008-06-20 15:37:47 UTC (rev 2523)
+++ branches/beck_dev/mapbender/http/php/mod_editApplication.php 2008-06-20 15:39:00 UTC (rev 2524)
@@ -17,11 +17,17 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
+require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
require_once(dirname(__FILE__)."/../classes/class_administration.php");
+require_once(dirname(__FILE__)."/../classes/class_user.php");
-$editApplicationId = "editApplicationTest";
+$editApplicationId = $_REQUEST["editApplicationId"];
+$user = new User($_SESSION["mb_user_id"]);
+$myApplicationArray = $user->getApplicationsByPermission(false);
+if (!in_array($editApplicationId, $myApplicationArray)) {
+ die("You are not allowed to edit the application '" . $editApplicationId . "'");
+}
?>
<html>
<head>
@@ -335,7 +341,7 @@
}
else {
if (db_result($res,$i,"e_left") && db_result($res,$i,"e_top")) {
- if (db_result($res,$i,"e_closetag") != "iframe" ) {
+ if (db_result($res,$i,"e_closetag") != "iframe" && db_result($res,$i,"e_closetag") != "form" ) {
echo "<".db_result($res,$i,"e_element")." ";
echo " style = '";
}
Modified: branches/beck_dev/mapbender/http/php/mod_editElements.php
===================================================================
--- branches/beck_dev/mapbender/http/php/mod_editElements.php 2008-06-20 15:37:47 UTC (rev 2523)
+++ branches/beck_dev/mapbender/http/php/mod_editElements.php 2008-06-20 15:39:00 UTC (rev 2524)
@@ -466,6 +466,12 @@
echo "<input type='button' class='' name='' value='delete' onclick='thisDelete()'> \n";
echo "<input type='button' class='' name='' value='show' onclick='thisShow()'> \n";
echo "<input type='button' class='' name='' value='sql' onclick='thisExport()'> \n";
+ echo "<input type='button' class='' name='' value='arrange' " .
+ "onclick='window.open(\"mod_editApplication.php?" . SID . "&" .
+ "guiID=" . $_SESSION["mb_user_gui"] . "&" .
+ "editApplicationId=" . $guiList1 . "\", " .
+ "\"edit application\", " .
+ "\"width=500,height=500,dependent\");'> \n";
echo "</div>\n";
echo "<input type='hidden' name='guiList1' value='".$guiList1."' >\n";
echo "<input type='hidden' name='guiId' value='".$guiId."' >\n";
More information about the Mapbender_commits
mailing list