From 2da96fa165c607461c7f518a08cc4040f92801bb Mon Sep 17 00:00:00 2001 From: Nik Okuntseff Date: Sun, 2 Dec 2018 17:03:32 +0000 Subject: [PATCH] Refactored custom field option config pages. --- WEB-INF/templates/footer.tpl | 2 +- cf_dropdown_option_add.php | 10 ++++++---- cf_dropdown_option_delete.php | 20 ++++++++++---------- cf_dropdown_option_edit.php | 8 +++++--- plugins/CustomFields.class.php | 2 +- 5 files changed, 23 insertions(+), 19 deletions(-) diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl index c391edf4..fab52975 100644 --- a/WEB-INF/templates/footer.tpl +++ b/WEB-INF/templates/footer.tpl @@ -12,7 +12,7 @@
-
 Anuko Time Tracker 1.18.29.4570 | Copyright © Anuko | +  Anuko Time Tracker 1.18.29.4571 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve} diff --git a/cf_dropdown_option_add.php b/cf_dropdown_option_add.php index 7b49424e..de598186 100644 --- a/cf_dropdown_option_add.php +++ b/cf_dropdown_option_add.php @@ -39,11 +39,13 @@ if (!$user->isPluginEnabled('cf')) { header('Location: feature_disabled.php'); exit(); } - -$cl_field_id = $request->getParameter('field_id'); +$cl_field_id = (int)$request->getParameter('field_id'); $field = CustomFields::getField($cl_field_id); -if (false === $field) - $err->add($i18n->get('error.db')); +if (!$field) { + header('Location: access_denied.php'); + exit(); +} +// End of access checks. $form = new Form('optionAddForm'); if ($err->no()) { diff --git a/cf_dropdown_option_delete.php b/cf_dropdown_option_delete.php index 4cb2aca8..999094e5 100644 --- a/cf_dropdown_option_delete.php +++ b/cf_dropdown_option_delete.php @@ -39,8 +39,14 @@ if (!$user->isPluginEnabled('cf')) { header('Location: feature_disabled.php'); exit(); } - $cl_id = $request->getParameter('id'); +$option = CustomFields::getOptionName($cl_id); +if (!$option) { + header('Location: access_denied.php'); + exit(); +} +// End of access checks. + $form = new Form('optionDeleteForm'); if ($request->isPost()) { @@ -62,15 +68,9 @@ if ($request->isPost()) { exit(); } } else { - $option = CustomFields::getOptionName($cl_id); - if (false === $option) - $err->add($i18n->get('error.db')); - - if ($err->no()) { - $form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_id)); - $form->addInput(array('type'=>'submit','name'=>'btn_delete','value'=>$i18n->get('label.delete'))); - $form->addInput(array('type'=>'submit','name'=>'btn_cancel','value'=>$i18n->get('button.cancel'))); - } + $form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_id)); + $form->addInput(array('type'=>'submit','name'=>'btn_delete','value'=>$i18n->get('label.delete'))); + $form->addInput(array('type'=>'submit','name'=>'btn_cancel','value'=>$i18n->get('button.cancel'))); } $smarty->assign('option', $option); diff --git a/cf_dropdown_option_edit.php b/cf_dropdown_option_edit.php index 5522accf..4f1103d7 100644 --- a/cf_dropdown_option_edit.php +++ b/cf_dropdown_option_edit.php @@ -39,11 +39,13 @@ if (!$user->isPluginEnabled('cf')) { header('Location: feature_disabled.php'); exit(); } - $cl_id = $request->getParameter('id'); $cl_name = CustomFields::getOptionName($cl_id); -if (false === $cl_name) - $err->add($i18n->get('error.db')); +if (!$cl_name) { + header('Location: access_denied.php'); + exit(); +} +// End of access checks. $form = new Form('optionEditForm'); if ($err->no()) { diff --git a/plugins/CustomFields.class.php b/plugins/CustomFields.class.php index a7945aba..d9762b58 100644 --- a/plugins/CustomFields.class.php +++ b/plugins/CustomFields.class.php @@ -227,7 +227,7 @@ class CustomFields { $org_id = $user->org_id; $sql = "select value from tt_custom_field_options". - " where id = $id and group_id = $group_id and org_id = $org_id"; + " where id = $id and group_id = $group_id and org_id = $org_id and status = 1"; $res = $mdb2->query($sql); if (!is_a($res, 'PEAR_Error')) { $val = $res->fetchRow(); -- 2.20.1