From 35727570b2274aca4f0d816372dabfc93d00cf2d Mon Sep 17 00:00:00 2001
From: Nik Okuntseff
Date: Sat, 8 Dec 2018 22:50:43 +0000
Subject: [PATCH] Refactored predefined expenses config for subgroups.
---
WEB-INF/templates/footer.tpl | 2 +-
WEB-INF/templates/predefined_expense_add.tpl | 2 +-
WEB-INF/templates/predefined_expense_edit.tpl | 2 +-
predefined_expense_delete.php | 17 ++++++++++-------
predefined_expense_edit.php | 8 ++++++--
predefined_expenses.php | 1 +
6 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 507e6e5a..ed2a2f05 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
- - + diff --git a/WEB-INF/templates/predefined_expense_edit.tpl b/WEB-INF/templates/predefined_expense_edit.tpl index c9947aec..f53b512a 100644 --- a/WEB-INF/templates/predefined_expense_edit.tpl +++ b/WEB-INF/templates/predefined_expense_edit.tpl @@ -9,7 +9,7 @@ - + diff --git a/predefined_expense_delete.php b/predefined_expense_delete.php index 9b445032..d8fc057f 100644 --- a/predefined_expense_delete.php +++ b/predefined_expense_delete.php @@ -39,9 +39,15 @@ if (!$user->isPluginEnabled('ex')) { header('Location: feature_disabled.php'); exit(); } - $cl_predefined_expense_id = (int)$request->getParameter('id'); $predefined_expense = ttPredefinedExpenseHelper::get($cl_predefined_expense_id); +if (!$predefined_expense) { + header('Location: access_denied.php'); + exit(); +} +// End of access checks. + + $predefined_expense_to_delete = $predefined_expense['name']; $form = new Form('predefinedExpenseDeleteForm'); @@ -51,12 +57,9 @@ $form->addInput(array('type'=>'submit','name'=>'btn_cancel','value'=>$i18n->get( if ($request->isPost()) { if ($request->getParameter('btn_delete')) { - if(ttPredefinedExpenseHelper::get($cl_predefined_expense_id)) { - if (ttPredefinedExpenseHelper::delete($cl_predefined_expense_id)) { - header('Location: predefined_expenses.php'); - exit(); - } else - $err->add($i18n->get('error.db')); + if (ttPredefinedExpenseHelper::delete($cl_predefined_expense_id)) { + header('Location: predefined_expenses.php'); + exit(); } else $err->add($i18n->get('error.db')); } elseif ($request->getParameter('btn_cancel')) { diff --git a/predefined_expense_edit.php b/predefined_expense_edit.php index ab2299c0..3f0cb0c8 100644 --- a/predefined_expense_edit.php +++ b/predefined_expense_edit.php 
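Review bot: The new `if (!$predefined_expense)` guard in the first predefined_expense_delete.php hunk is an access check only if `ttPredefinedExpenseHelper::get()` limits its lookup to the current user's group and organization. That helper is not part of this patch, so the hunk cannot confirm it. If it selects by id alone, the check proves only that the record exists, not that it belongs to the caller. I would state the assumption above the check, for example `// get() returns false for ids outside the current group, so a foreign id is treated as access denied.` The guard added in the predefined_expense_edit.php hunk rests on the same assumption.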
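Review bot: In the second predefined_expense_delete.php hunk, dropping the inner `get()` call leaves the `btn_delete` branch authorized only by the guard near the top of the script. `ttPredefinedExpenseHelper::delete()` should therefore also constrain its statement by the current group rather than by id alone; the helper is outside this patch, so this needs verifying there. No anti-CSRF token check is visible around this state-changing POST either. The form setup and the rest of the `if ($request->isPost())` block lie partly outside the hunk, so confirm that one is enforced elsewhere.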
@@ -39,14 +39,18 @@ if (!$user->isPluginEnabled('ex')) { header('Location: feature_disabled.php'); exit(); } - $predefined_expense_id = (int) $request->getParameter('id'); +$predefined_expense = ttPredefinedExpenseHelper::get($predefined_expense_id); +if (!$predefined_expense) { + header('Location: access_denied.php'); + exit(); +} +// End of access checks. if ($request->isPost()) { $cl_name = trim($request->getParameter('name')); $cl_cost = trim($request->getParameter('cost')); } else { - $predefined_expense = ttPredefinedExpenseHelper::get($predefined_expense_id); $cl_name = $predefined_expense['name']; $cl_cost = $predefined_expense['cost']; } diff --git a/predefined_expenses.php b/predefined_expenses.php index 99c2c899..e1c14d80 100644 --- a/predefined_expenses.php +++ b/predefined_expenses.php @@ -39,6 +39,7 @@ if (!$user->isPluginEnabled('ex')) { header('Location: feature_disabled.php'); exit(); } +// End of access checks. $form = new Form('predefinedExpensesForm'); -- 2.20.1
 Anuko Time Tracker 1.18.29.4616 | Copyright © Anuko | +  Anuko Time Tracker 1.18.29.4617 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve} diff --git a/WEB-INF/templates/predefined_expense_add.tpl b/WEB-INF/templates/predefined_expense_add.tpl index 1bb788df..fd2983a7 100644 --- a/WEB-INF/templates/predefined_expense_add.tpl +++ b/WEB-INF/templates/predefined_expense_add.tpl @@ -9,7 +9,7 @@
{$i18n.label.cost} (*):{$forms.predefinedExpenseForm.cost.control} {$user->currency|escape}{$forms.predefinedExpenseForm.cost.control} {$user->getCurrency()|escape}
{$i18n.label.cost} (*):{$forms.predefinedExpenseForm.cost.control} {$user->currency|escape}{$forms.predefinedExpenseForm.cost.control} {$user->getCurrency()|escape}