From 5ba9a1134b39417c59614056260f2f0cd180d80a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Doursenaud?=
Date: Tue, 10 Dec 2013 11:00:46 +0100
Subject: [PATCH 1/6] Removed dead code
---
 htdocs/comm/index.php | 20 --------------------
 htdocs/compta/index.php | 24 ------------------------
 2 files changed, 44 deletions(-)
diff --git a/htdocs/comm/index.php b/htdocs/comm/index.php
index dff264b6f25..82989b1b842 100644
--- a/htdocs/comm/index.php
+++ b/htdocs/comm/index.php
@@ -53,26 +53,6 @@ $now=dol_now();
 * Actions
 */
-if ($action == 'add_bookmark' && ! empty($socid))
-{
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."bookmark WHERE fk_soc = ".$db->escape($socid)." AND fk_user=".$user->id;
- if (! $db->query($sql) )
- {
- dol_print_error($db);
- }
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."bookmark (fk_soc, dateb, fk_user) VALUES (".$db->escape($socid).", ".$db->idate($now).",".$user->id.");";
- if (! $db->query($sql) )
- {
- dol_print_error($db);
- }
-}
-
-if ($action == 'del_bookmark' && ! empty($bid))
-{
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."bookmark WHERE rowid=".$db->escape($bid);
- $result = $db->query($sql);
-}
-
 /*
 * View
diff --git a/htdocs/compta/index.php b/htdocs/compta/index.php
index bccf0128b42..0580ac766d5 100644
--- a/htdocs/compta/index.php
+++ b/htdocs/compta/index.php
@@ -62,30 +62,6 @@ if ($user->societe_id > 0)
 * Actions
 */
-if ($action == 'add_bookmark')
-{
- $now=dol_now();
-
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."bookmark WHERE fk_soc = ".$socid." AND fk_user=".$user->id;
- if (! $db->query($sql) )
- {
- dol_print_error($db);
- }
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."bookmark (fk_soc, dateb, fk_user) VALUES (".$socid.", ".$db->idate($now).",".$user->id.");";
- if (! $db->query($sql) )
- {
- dol_print_error($db);
- }
-}
-
-if ($action == 'del_bookmark' && ! empty($bid))
-{
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."bookmark WHERE rowid=".$db->escape($bid);
- $result = $db->query($sql);
-}
-
-
-
 /*
 * View
From d3d186315067d36ec6079ab7603a4e471bbe2200 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Doursenaud?= Date: Tue, 10 Dec 2013 11:12:46 +0100 Subject: [PATCH 2/6] Removed unused file --- htdocs/comm/bookmark.php | 149 --------------------------------------- 1 file changed, 149 deletions(-) delete mode 100644 htdocs/comm/bookmark.php diff --git a/htdocs/comm/bookmark.php b/htdocs/comm/bookmark.php deleted file mode 100644 index 1b5b1100736..00000000000 --- a/htdocs/comm/bookmark.php +++ /dev/null 
@@ -1,149 +0,0 @@ - - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -/** - * \file htdocs/comm/bookmark.php - * \brief Page affichage des bookmarks - */ - - -require '../main.inc.php'; - - -$sortfield = GETPOST("sortfield",'alpha'); -$sortorder = GETPOST("sortorder",'alpha'); -$page = GETPOST("page",'int'); -if ($page == -1) { $page = 0; } -$offset = $conf->liste_limit * $page; -$pageprev = $page - 1; -$pagenext = $page + 1; -if (! $sortorder) $sortorder="DESC"; -if (! $sortfield) $sortfield="bid"; -$limit = $conf->liste_limit; - - -llxHeader(); - - -/* - * Actions - */ - -if ($_GET["action"] == 'add') -{ - $bookmark=new Bookmark($db); - $bookmark->fk_user=$user->id; - $bookmark->url=$user->id; - $bookmark->target=$user->id; - $bookmark->title='xxx'; - $bookmark->favicon='xxx'; - - $res=$bookmark->create(); - if ($res > 0) - { - header("Location: ".$_SERVER["PHP_SELF"]); - } - else - { - $mesg='
'.$bookmark->error.'
'; - } -} - -if ($_GET["action"] == 'delete') -{ - $bookmark=new Bookmark($db); - $bookmark->id=$_GET["bid"]; - $bookmark->url=$user->id; - $bookmark->target=$user->id; - $bookmark->title='xxx'; - $bookmark->favicon='xxx'; - - $res=$bookmark->remove(); - if ($res > 0) - { - header("Location: ".$_SERVER["PHP_SELF"]); - } - else - { - $mesg='
'.$bookmark->error.'
'; - } -} - - - -print_fiche_titre($langs->trans("Bookmarks")); - -$sql = "SELECT s.rowid, s.nom as name, b.dateb as dateb, b.rowid as bid, b.fk_user, b.url, b.target, u.lastname, u.firstname"; -$sql.= " FROM ".MAIN_DB_PREFIX."bookmark as b, ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."user as u"; -$sql.= " WHERE b.fk_soc = s.rowid AND b.fk_user=u.rowid"; -if (! $user->admin) $sql.= " AND b.fk_user = ".$user->id; -$sql.= $db->order($sortfield,$sortorder); -$sql.= $db->plimit($limit, $offset); - -$resql=$db->query($sql); -if ($resql) -{ - $num = $db->num_rows($resql); - $i = 0; - - if ($sortorder == "DESC") $sortorder="ASC"; - else $sortorder="DESC"; - - print ""; - - print ""; - //print ""; - print_liste_field_titre($langs->trans("Id"),$_SERVER["PHP_SELF"],"bid","","",'align="center"',$sortfield,$sortorder); - print_liste_field_titre($langs->trans("Author"),$_SERVER["PHP_SELF"],"u.lastname","","","",$sortfield,$sortorder); - print_liste_field_titre($langs->trans("Date"),$_SERVER["PHP_SELF"],"b.dateb","","",'align="center"',$sortfield,$sortorder); - print_liste_field_titre($langs->trans("Company"),$_SERVER["PHP_SELF"],"s.nom","","","",$sortfield,$sortorder); - print_liste_field_titre($langs->trans("Url"),$_SERVER["PHP_SELF"],"b.url","","",'',$sortfield,$sortorder); - print ""; - print ""; - print "\n"; - - $var=True; - while ($i < $num) - { - $obj = $db->fetch_object($resql); - - $var=!$var; - print ""; - //print ""; - print ""; - print "\n"; - print '"; - print "\n"; - print '"; - print '"; - print "\n"; - print "\n"; - $i++; - } - print "
 ".$langs->trans("Target")." 
" . ($i + 1 + ($limit * $page)) . "".$obj->bid."".img_object($langs->trans("ShowUser"),"user").' '.$obj->lastname." ".$obj->firstname."'.dol_print_date($db->jdate($obj->dateb))."rowid."\">".img_object($langs->trans("ShowCompany"),"company").' '.$obj->name."'.$obj->url."'.$obj->target."bid."\">".img_delete()."
"; - $db->free($resql); -} -else -{ - dol_print_error($db); -} - - -$db->close(); - -llxFooter(); -?> From 071dd8e758d75f01608474be925252e057177755 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Doursenaud?= Date: Tue, 10 Dec 2013 11:33:27 +0100 Subject: [PATCH 3/6] Make bookmarks module multicompany aware --- htdocs/bookmarks/bookmarks.lib.php | 1 + htdocs/bookmarks/class/bookmark.class.php | 9 ++++++++- htdocs/bookmarks/liste.php | 1 + htdocs/core/boxes/box_bookmarks.php | 3 ++- htdocs/install/mysql/tables/llx_bookmark.sql | 3 ++- 5 files changed, 14 insertions(+), 3 deletions(-) diff --git a/htdocs/bookmarks/bookmarks.lib.php b/htdocs/bookmarks/bookmarks.lib.php index d8083eb9fee..872691d4ee1 100644 --- a/htdocs/bookmarks/bookmarks.lib.php +++ b/htdocs/bookmarks/bookmarks.lib.php @@ -67,6 +67,7 @@ function printBookmarksList($aDb, $aLangs) { $sql = "SELECT rowid, title, url, target FROM ".MAIN_DB_PREFIX."bookmark"; $sql.= " WHERE (fk_user = ".$user->id." OR fk_user is NULL OR fk_user = 0)"; + $sql.= " AND entity = ".$conf->entity; $sql.= " ORDER BY position"; if ($resql = $db->query($sql) ) { diff --git a/htdocs/bookmarks/class/bookmark.class.php b/htdocs/bookmarks/class/bookmark.class.php index 088afa10661..c88e2014665 100644 --- a/htdocs/bookmarks/class/bookmark.class.php +++ b/htdocs/bookmarks/class/bookmark.class.php @@ -57,10 +57,13 @@ class Bookmark */ function fetch($id) { + global $conf; + $sql = "SELECT rowid, fk_user, dateb as datec, url, target,"; $sql.= " title, position, favicon"; $sql.= " FROM ".MAIN_DB_PREFIX."bookmark"; $sql.= " WHERE rowid = ".$id; + $sql.= " AND entity = ".$conf->entity; dol_syslog("Bookmark::fetch sql=".$sql, LOG_DEBUG); $resql = $this->db->query($sql); @@ -96,6 +99,8 @@ class Bookmark */ function create() { + global $conf; + // Clean parameters $this->url=trim($this->url); $this->title=trim($this->title); 
@@ -106,13 +111,15 @@ class Bookmark
 $this->db->begin();
 $sql = "INSERT INTO ".MAIN_DB_PREFIX."bookmark (fk_user,dateb,url,target";
- $sql.= " ,title,favicon,position";
+ $sql.= ",title,favicon,position";
+ $sql.= ",entity";
 if ($this->fk_soc) $sql.=",fk_soc";
 $sql.= ") VALUES (";
 $sql.= ($this->fk_user > 0?"'".$this->fk_user."'":"0").",";
 $sql.= " ".$this->db->idate($now).",";
 $sql.= " '".$this->url."', '".$this->target."',";
 $sql.= " '".$this->db->escape($this->title)."', '".$this->favicon."', '".$this->position."'";
+ $sql.= ", '".$conf->entity."'";
 if ($this->fk_soc) $sql.=",".$this->fk_soc;
 $sql.= ")";
diff --git a/htdocs/bookmarks/liste.php b/htdocs/bookmarks/liste.php
index c322360fb4a..d826c8053d0 100644
--- a/htdocs/bookmarks/liste.php
+++ b/htdocs/bookmarks/liste.php
@@ -73,6 +73,7 @@ $sql = "SELECT b.fk_soc as rowid, b.dateb, b.rowid as bid, b.fk_user, b.url, b.t
 $sql.= " u.login, u.lastname, u.firstname";
 $sql.= " FROM ".MAIN_DB_PREFIX."bookmark as b LEFT JOIN ".MAIN_DB_PREFIX."user as u ON b.fk_user=u.rowid";
 $sql.= " WHERE 1=1";
+$sql.= " AND b.entity = ".$conf->entity;
 if (! $user->admin) $sql.= " AND (b.fk_user = ".$user->id." OR b.fk_user is NULL OR b.fk_user = 0)";
 $sql.= $db->order($sortfield.", position",$sortorder);
 $sql.= $db->plimit($limit, $offset);
diff --git a/htdocs/core/boxes/box_bookmarks.php b/htdocs/core/boxes/box_bookmarks.php
index f841786c8b8..4f3726d8946 100644
--- a/htdocs/core/boxes/box_bookmarks.php
+++ b/htdocs/core/boxes/box_bookmarks.php
@@ -47,7 +47,7 @@ class box_bookmarks extends ModeleBoxes
 */
 function loadBox($max=5) {
- global $user, $langs, $db;
+ global $user, $langs, $db, $conf;
 $langs->load("boxes");
 $this->max=$max;
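Review bot: The new `$sql.= ", '".$conf->entity."'";` line in Bookmark::create copies the surrounding pattern of quoting values without escaping them: on this INSERT only `$this->title` goes through `$this->db->escape()`, while `$this->url`, `$this->target`, `$this->favicon` and `$this->position` are concatenated raw, and at least `title` is read from GETPOST on the card page, so `url` presumably is too. Since this series declares `entity` as an integer column, write it as a number and escape the string columns: `$sql.= ", ".(int) $conf->entity;` and `$sql.= " '".$this->db->escape($this->url)."', '".$this->db->escape($this->target)."',";`, with the same treatment for favicon. The start of create() and the query execution are outside this hunk.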
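Review bot: The list query now restricts rows with `AND b.entity = ".$conf->entity`, but the only Bookmark methods this series touches are fetch() and create(); the removed htdocs/comm/bookmark.php shows the class also has a remove() that was called with only `$bookmark->id` set, and nothing here adds an entity condition to it. Unless deletion and update go through fetch() first, a user in one company can still remove another company's bookmark by supplying its id; please add `AND entity = ".(int) $conf->entity` to those methods (or verify the entity after fetch()) and cast here as well: `$sql.= " AND b.entity = ".(int) $conf->entity;`. The list query starts in the hunk header and is executed outside the hunk.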
@@ -70,6 +70,7 @@ class box_bookmarks extends ModeleBoxes
 $sql = "SELECT b.title, b.url, b.target, b.favicon";
 $sql.= " FROM ".MAIN_DB_PREFIX."bookmark as b";
 $sql.= " WHERE fk_user = ".$user->id;
+ $sql.= " AND b.entity = ".$conf->entity;
 $sql.= $db->order("position","ASC");
 $sql.= $db->plimit($max, 0);
diff --git a/htdocs/install/mysql/tables/llx_bookmark.sql b/htdocs/install/mysql/tables/llx_bookmark.sql
index ac5309dde83..00e1627a9b6 100644
--- a/htdocs/install/mysql/tables/llx_bookmark.sql
+++ b/htdocs/install/mysql/tables/llx_bookmark.sql
@@ -26,5 +26,6 @@ create table llx_bookmark
 target varchar(16),
 title varchar(64),
 favicon varchar(24),
- position integer DEFAULT 0
+ position integer DEFAULT 0,
+ entity integer DEFAULT 1 NOT NULL -- multicompany ID
 )ENGINE=innodb;
From 5e642f300924af6352895432cd6852060ff4ad90 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Doursenaud?=
Date: Tue, 10 Dec 2013 11:42:53 +0100
Subject: [PATCH 4/6] Bookmarks multicompany migration
---
 htdocs/install/mysql/migration/3.5.0-3.6.0.sql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/install/mysql/migration/3.5.0-3.6.0.sql b/htdocs/install/mysql/migration/3.5.0-3.6.0.sql
index 8d894bfe54d..53d6198a849 100755
--- a/htdocs/install/mysql/migration/3.5.0-3.6.0.sql
+++ b/htdocs/install/mysql/migration/3.5.0-3.6.0.sql
@@ -17,4 +17,4 @@
 -- -- VPGSQL8.2 DELETE FROM llx_usergroup_user WHERE fk_user NOT IN (SELECT rowid from llx_user);
 -- -- VMYSQL4.1 DELETE FROM llx_usergroup_user WHERE fk_usergroup NOT IN (SELECT rowid from llx_usergroup);
-
+ALTER TABLE llx_bookmark ADD COLUMN entity integer DEFAULT 1 NOT NULL;
From add5a232ac90fa9a73b266a6b471e353ef03f524 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Doursenaud?=
Date: Tue, 10 Dec 2013 11:58:19 +0100
Subject: [PATCH 5/6] Added some security assessments to bookmarks
---
 htdocs/bookmarks/fiche.php | 5 +++++
 htdocs/bookmarks/liste.php | 5 +++++
 2 files changed, 10 insertions(+)
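Review bot: The migration's `ALTER TABLE llx_bookmark ADD COLUMN entity integer DEFAULT 1 NOT NULL;` stamps every pre-existing row with entity 1, and because fetch(), the list page and the box now all filter on entity, bookmarks created before the upgrade by users of any other company become unreachable for them (still stored, never shown or fetchable). If the user table carries an entity column, a backfill keyed on the owner would preserve them, e.g. `UPDATE llx_bookmark b, llx_user u SET b.entity = u.entity WHERE b.fk_user = u.rowid;`, marked with the engine prefixes this file already uses (`-- VMYSQL4.1` / `-- VPGSQL8.2`) since the join syntax differs between the two. Rows with `fk_user` NULL or 0, which the list query treats as shared, have no owner to derive from and need a deliberate choice; the user table schema is not in this patch, so please verify the column before adopting the statement.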
diff --git a/htdocs/bookmarks/fiche.php b/htdocs/bookmarks/fiche.php
index d5caac4612e..67e2dd903c8 100644
--- a/htdocs/bookmarks/fiche.php
+++ b/htdocs/bookmarks/fiche.php
@@ -28,6 +28,11 @@ require_once DOL_DOCUMENT_ROOT.'/bookmarks/class/bookmark.class.php';
 $langs->load("other");
+// Security check
+if (! $user->rights->bookmark->lire) {
+ restrictedArea($user, 'bookmarks');
+}
+
 $id=GETPOST("id");
 $action=GETPOST("action","alpha");
 $title=GETPOST("title","alpha");
diff --git a/htdocs/bookmarks/liste.php b/htdocs/bookmarks/liste.php
index d826c8053d0..e3cd7f8af41 100644
--- a/htdocs/bookmarks/liste.php
+++ b/htdocs/bookmarks/liste.php
@@ -25,6 +25,11 @@ require '../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/bookmarks/class/bookmark.class.php';
+// Security check
+if (! $user->rights->bookmark->lire) {
+ restrictedArea($user, 'bookmarks');
+}
+
 $sortfield = GETPOST("sortfield",'alpha');
 $sortorder = GETPOST("sortorder",'alpha');
 $page = GETPOST("page",'int');
From 0d36435018232a9d30a30aafd91fe9a3abd7313f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Doursenaud?=
Date: Tue, 10 Dec 2013 11:57:54 +0100
Subject: [PATCH 6/6] Added missing language loads for bookmarks
---
 htdocs/bookmarks/fiche.php | 1 +
 htdocs/bookmarks/liste.php | 1 +
 2 files changed, 2 insertions(+)
diff --git a/htdocs/bookmarks/fiche.php b/htdocs/bookmarks/fiche.php
index 67e2dd903c8..fb5a78d21ed 100644
--- a/htdocs/bookmarks/fiche.php
+++ b/htdocs/bookmarks/fiche.php
@@ -26,6 +26,7 @@ require '../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/bookmarks/class/bookmark.class.php';
+$langs->load("bookmarks");
 $langs->load("other");
 // Security check
diff --git a/htdocs/bookmarks/liste.php b/htdocs/bookmarks/liste.php
index e3cd7f8af41..64bd28aabb4 100644
--- a/htdocs/bookmarks/liste.php
+++ b/htdocs/bookmarks/liste.php
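Review bot: The guard added to fiche.php tests `$user->rights->bookmark->lire` but hands `'bookmarks'` (plural) to restrictedArea(); both must name the same rights module, and whichever one is not the key the module declares makes the check either always deny or never fire, so please verify the name against the module's rights definition. If restrictedArea() denies access on its own, as its name suggests, the usual single-line form `$result = restrictedArea($user, 'bookmark');` avoids the duplicated condition. The lines right after the insertion read `$action`, `$id` and `$title` from GETPOST, which suggests this page also creates, updates and deletes bookmarks; a read right should not be the only gate for those, and the action block (outside this hunk) needs its own write and delete right checks.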
@@ -24,6 +24,7 @@ require '../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/bookmarks/class/bookmark.class.php';
+$langs->load("bookmarks");
 // Security check
 if (! $user->rights->bookmark->lire) {