Changeset 727 for trunk/phpbms/include

Timestamp:

01/07/10 11:16:05 (2 years ago)

Author:

brieb

Message:

• Added more rights look ups to certain pages
• Fixed several path disclosure errors

Location:

trunk/phpbms/include

Files:

• createmodifiedby.php (modified) (3 diffs)
• tables.php (modified) (1 diff)

trunk/phpbms/include/createmodifiedby.php

@@ +1 @@
+<?php if(isset($db) && isset($therecord)){?>
 <div id="createmodifiedby" >
         <div id="savecancel2"><?php showSaveCancel(2)?></div>
@@ -6 +7 @@
                                 <input name="createdby" type="hidden" value="<?php $therecord["createdby"] ?>" />
                                 <input name="creationdate" type="hidden" value="<?php echo formatFromSQLDatetime($therecord["creationdate"]) ?>"/>
-                                created                 
+                                created
                         </td>
                         <td><?php echo htmlQuotes($phpbms->getUserName($therecord["createdby"]))?></td>
@@ -23 +24 @@
         </table>
 </div>
+<?php }//endif ?>

trunk/phpbms/include/tables.php

@@ -822 +822 @@
                     case "save":
 
+                        if(!hasRights($this->editroleid))
+                            goURL(APP_PATH."noaccess.php");
+                            
                         $variables = $this->prepareVariables($_POST);
                         $errorArray = $this->verifyVariables($variables);