From 6e0d95ac793c21103b3bc151b60ef01eabb629b3 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Thu, 25 Mar 2010 11:16:42 +0000 Subject: [PATCH] Fix: Move functions "verifCond" and "dol_eval" to functions.lib.php --- htdocs/core/menubase.class.php | 79 +++---------------- htdocs/lib/functions.lib.php | 54 +++++++++++++ .../canvas/default/product.default.class.php | 2 +- 3 files changed, 68 insertions(+), 67 deletions(-) diff --git a/htdocs/core/menubase.class.php b/htdocs/core/menubase.class.php index d2e782c916a..d5d27b6496f 100644 --- a/htdocs/core/menubase.class.php +++ b/htdocs/core/menubase.class.php @@ -1,6 +1,6 @@ - * Copyright (C) 2009 Regis Houssin + * Copyright (C) 2009-2010 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -18,17 +18,17 @@ */ /** - \file htdocs/core/menubase.class.php - \ingroup core - \version $Id$ - \brief File of class to manage dynamic menu entries - \remarks Initialy built by build_class_from_table on 2008-01-12 14:19 + * \file htdocs/core/menubase.class.php + * \ingroup core + * \version $Id$ + * \brief File of class to manage dynamic menu entries + * \remarks Initialy built by build_class_from_table on 2008-01-12 14:19 */ /** - \class Menubase - \brief Class to manage menu entries + * \class Menubase + * \brief Class to manage menu entries */ class Menubase { @@ -406,7 +406,7 @@ class Menubase $perms = true; if ($menu['perms']) { - $perms = $this->verifCond($menu['perms']); + $perms = verifCond($menu['perms']); //print "verifCond rowid=".$menu['rowid']." ".$menu['right'].":".$perms."
\n"; } @@ -414,7 +414,7 @@ class Menubase $enabled = true; if ($menu['enabled']) { - $enabled = $this->verifCond($menu['enabled']); + $enabled = verifCond($menu['enabled']); //print "verifCond rowid=".$menu['rowid']." ".$menu['enabled'].":".$enabled."
\n"; } @@ -493,7 +493,7 @@ class Menubase $leftmenuConstraint = true; if ($tab[$x][6]) { - $leftmenuConstraint = $this->verifCond($tab[$x][6]); + $leftmenuConstraint = verifCond($tab[$x][6]); } if ($leftmenuConstraint) @@ -508,37 +508,6 @@ class Menubase } } - /** - * Verify if condition in string is ok or not - * - * @param string $strRights - * @return boolean true or false - */ - function verifCond($strRights) - { - global $user,$conf,$lang,$leftmenu; - global $rights; // To export to dol_eval function - - //print $strRights."
\n"; - if ($strRights != "") - { - $rights = true; - $tab_rights = explode("||", $strRights); - $i = 0; - while (($i < count($tab_rights)) && ($rights == true)) { - $str = 'if(!(' . $strRights . ')) { $rights = false; }'; - dol_eval ($str); - $i++; - } - } - else - { - $rights = true; - } - - return $rights; - } - /** * Return all values of mainmenu where leftmenu defined * in pre.inc.php must be overwritten completely by dynamic menu. @@ -642,14 +611,14 @@ class Menubase $perms = true; if ($objm->perms) { - $perms = $this->verifCond($objm->perms); + $perms = verifCond($objm->perms); } // Define $enabled $enabled = true; if ($objm->enabled) { - $enabled = $this->verifCond($objm->enabled); + $enabled = verifCond($objm->enabled); } if ($objm->rowid != $oldrowid && $oldrowid) $b++; // Break on new entry @@ -679,26 +648,4 @@ class Menubase } -/** - * Replace eval function to add more security - * - * @param string $s - * @return int 1 - */ -function dol_eval($s) -{ - // Only global variables can be changed by eval function and returned to caller - global $langs, $user, $conf; - global $rights; - global $leftmenu; - - // \todo - // Warning. We must add code to exclude test if it contains = (affectation) that is not == (compare) - - //print $s."
\n"; - eval($s); - - return 1; -} - ?> diff --git a/htdocs/lib/functions.lib.php b/htdocs/lib/functions.lib.php index 4f2121b054c..a96853818ea 100644 --- a/htdocs/lib/functions.lib.php +++ b/htdocs/lib/functions.lib.php @@ -3252,4 +3252,58 @@ function addHelpMessage($inputId,$message) return $helpMessage; } +/** + * Verify if condition in string is ok or not + * + * @param string $strRights + * @return boolean true or false + */ +function verifCond($strRights) +{ + global $user,$conf,$langs,$leftmenu; + global $rights; // To export to dol_eval function + + //print $strRights."
\n"; + if ($strRights != "") + { + $rights = true; + $tab_rights = explode("||", $strRights); + $i = 0; + while (($i < count($tab_rights)) && ($rights == true)) { + $str = 'if(!(' . $strRights . ')) { $rights = false; }'; + dol_eval($str); + $i++; + } + } + else + { + $rights = true; + } + + return $rights; +} + +/** + * Replace eval function to add more security + * + * @param string $s + * @return int 1 + */ +function dol_eval($s) +{ + // Only global variables can be changed by eval function and returned to caller + global $langs, $user, $conf; + global $rights; + global $leftmenu; + + // \todo + // Warning. We must add code to exclude test if it contains = (affectation) that is not == (compare) + + //print $s."
\n"; + eval($s); + + return 1; +} + + ?> \ No newline at end of file diff --git a/htdocs/product/canvas/default/product.default.class.php b/htdocs/product/canvas/default/product.default.class.php index db527c3a582..9c04b29c84e 100644 --- a/htdocs/product/canvas/default/product.default.class.php +++ b/htdocs/product/canvas/default/product.default.class.php @@ -102,7 +102,7 @@ class ProductDefault extends Product $fieldlist["align"] = $obj->align; $fieldlist["sort"] = $obj->sort; $fieldlist["search"] = $obj->search; - $fieldlist["enabled"] = $obj->enabled; + $fieldlist["enabled"] = verifCond($obj->enabled); $fieldlist["order"] = $obj->rang; array_push($this->field_list,$fieldlist);