header('Location: feature_disabled.php');
exit();
}
+if (!$user->exists()) {
+ header('Location: access_denied.php'); // No users in subgroup.
+ exit();
+}
+if ($request->isPost()) {
+ $cl_fav_report_id = (int) $request->getParameter('fav_report');
+ if (!ttFavReportHelper::get($cl_fav_report_id)) {
+ header('Location: access_denied.php'); // Invalid fav report id in post.
+ exit();
+ }
+}
+// End of access checks.
-$fav_reports = ttFavReportHelper::getReports($user->id);
+$fav_reports = ttFavReportHelper::getReports();
if ($request->isPost()) {
- $cl_fav_report = trim($request->getParameter('fav_report'));
$cl_cron_spec = trim($request->getParameter('cron_spec'));
$cl_email = trim($request->getParameter('email'));
$cl_cc = trim($request->getParameter('cc'));
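Review bot: The new POST check `if (!ttFavReportHelper::get($cl_fav_report_id))` also fires when nothing was selected. The combobox offers an empty `dropdown.select` option, `(int)` turns that into 0, and if `get(0)` returns a falsy value the user is redirected to access_denied.php, which would leave the later `if (!$cl_fav_report_id)` validation unreachable on POST. Consider `if ($cl_fav_report_id && !ttFavReportHelper::get($cl_fav_report_id)) {`, provided the insert further down stays guarded by the validation errors, which is not visible here. The check is an ownership check only if `get()` and the now argument-less `getReports()` scope their lookups to the current user and group; their bodies are outside this diff, so a one-line comment above the check stating that assumption would help.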
$form->addInput(array('type'=>'combobox',
'name'=>'fav_report',
'style'=>'width: 250px;',
- 'value'=>$cl_fav_report,
+ 'value'=>$cl_fav_report_id,
'data'=>$fav_reports,
'datakeys'=>array('id','name'),
'empty'=>array(''=>$i18n->get('dropdown.select'))
if ($request->isPost()) {
// Validate user input.
- if (!$cl_fav_report) $err->add($i18n->get('error.report'));
+ if (!$cl_fav_report_id) $err->add($i18n->get('error.report'));
if (!ttValidCronSpec($cl_cron_spec)) $err->add($i18n->get('error.field'), $i18n->get('label.schedule'));
if (!ttValidEmail($cl_email)) $err->add($i18n->get('error.field'), $i18n->get('label.email'));
if (!ttValidEmail($cl_cc, true)) $err->add($i18n->get('error.field'), $i18n->get('label.cc'));
$next = tdCron::getNextOccurrence($cl_cron_spec, mktime());
if (ttNotificationHelper::insert(array(
- 'group_id' => $user->group_id,
'cron_spec' => $cl_cron_spec,
'next' => $next,
- 'report_id' => $cl_fav_report,
+ 'report_id' => $cl_fav_report_id,
'email' => $cl_email,
'cc' => $cl_cc,
'subject' => $cl_subject,
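Review bot: The context line `$next = tdCron::getNextOccurrence($cl_cron_spec, mktime());` just above the insert calls `mktime()` with no arguments, which is long deprecated and raises an ArgumentCountError on PHP 8. `time()` returns the same value, so the line can become `$next = tdCron::getNextOccurrence($cl_cron_spec, time());`. With `'group_id'` dropped from the array, `ttNotificationHelper::insert()` presumably takes the group from the session user rather than from the caller; its body is outside this hunk, so that is worth confirming. The `insert(array(` call itself continues past the end of the hunk.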