*/
return $options;
}
+
+ // verifyBean is a security function to make sure data in bean makes sense for a group.
+ static function verifyBean($bean) {
+ global $user;
+
+ // Check users.
+ $users_in_bean = $bean->getAttribute('users');
+ if (is_array($users_in_bean)) {
+ $users_in_group = ttTeamHelper::getUsers();
+ foreach ($users_in_group as $user_in_group) {
+ $valid_ids[] = $user_in_group['id'];
+ }
+ foreach ($users_in_bean as $user_in_bean) {
+ if (!in_array($user_in_bean, $valid_ids)) {
+ return false;
+ }
+ }
+ }
+
+ // TODO: add additional checks here. Perhaps do it before saving the bean for consistency.
+ return true;
+ }
}
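Review bot: The membership test in verifyBean's second loop is a loose comparison, `in_array($user_in_bean, $valid_ids)`, so a submitted value only has to compare equal to a valid id under PHP type juggling rather than be one. If `$user_in_group['id']` is an integer (its type is not visible here), a string with trailing text can pass on PHP versions before 8 and continue to whatever consumes the bean. Compare strictly on normalized strings instead: `$valid_ids[] = (string)$user_in_group['id'];` and `if (!is_scalar($user_in_bean) || !in_array((string)$user_in_bean, $valid_ids, true)) return false;`. `$valid_ids` is also never initialized, so an empty result from `ttTeamHelper::getUsers()` hands null to in_array; add `$valid_ids = array();` before the first loop. The function also returns true when the `users` attribute is set but is not an array, which should either be rejected or confirmed harmless at the call site, and `global $user;` is unused in the visible body.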
<br>
<table cellspacing="0" cellpadding="4" width="100%" border="0">
<tr>
- <td align="center"> Anuko Time Tracker 1.17.93.4292 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+ <td align="center"> Anuko Time Tracker 1.17.94.4293 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
<a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
<a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
<a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
import('ttProjectHelper');
import('ttFavReportHelper');
import('ttClientHelper');
+import('ttReportHelper');
// Access check.
if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports') || ttAccessAllowed('view_all_reports'))) {
}
$bean->saveBean();
+ // Check some more values. TODO: Perhaps it's not a good place to check values, re-evaluate this.
+ // Also make sure other post variations are sane.
+ if (!ttReportHelper::verifyBean($bean)) $err->add($i18n->get('error.sys'));
if ($err->no()) {
// Now we can go ahead and create a report.