<br>
<table cellspacing="0" cellpadding="4" width="100%" border="0">
<tr>
- <td align="center"> Anuko Time Tracker 1.17.7
3.4178 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+ <td align="center"> Anuko Time Tracker 1.17.7
4.4179 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
<a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
<a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
<a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
header('Location: feature_disabled.php');
exit();
}
+// End of access checks.
$projects = ttTeamHelper::getActiveProjects($user->team_id);
header('Location: feature_disabled.php');
exit();
}
-
$cl_task_id = (int)$request->getParameter('id');
$task = ttTaskHelper::get($cl_task_id);
+if (!$task) {
+ header('Location: access_denied.php');
+ exit();
+}
+// End of access checks.
+
$task_to_delete = $task['name'];
$form = new Form('taskDeleteForm');
header('Location: feature_disabled.php');
exit();
}
-
$cl_task_id = (int)$request->getParameter('id');
+$task = ttTaskHelper::get($cl_task_id);
+if (!$task) {
+ header('Location: access_denied.php');
+ exit();
+}
+// End of access checks.
+
$projects = ttTeamHelper::getActiveProjects($user->team_id);
if ($request->isPost()) {
$cl_status = $request->getParameter('status');
$cl_projects = $request->getParameter('projects');
} else {
- $task = ttTaskHelper::get($cl_task_id);
$cl_name = $task['name'];
$cl_description = $task['description'];
$cl_status = $task['status'];
-
$assigned_projects = ttTaskHelper::getAssignedProjects($cl_task_id);
foreach ($assigned_projects as $project_item)
$cl_projects[] = $project_item['id'];
header('Location: feature_disabled.php');
exit();
}
+// End of access checks.
$smarty->assign('active_tasks', ttTeamHelper::getActiveTasks($user->team_id));
$smarty->assign('inactive_tasks', ttTeamHelper::getInactiveTasks($user->team_id));
import('ttTimeHelper');
import('DateAndTime');
-// Access check.
+// Access checks.
if (!ttAccessAllowed('track_own_time')) {
header('Location: access_denied.php');
exit();
}
+// End of access checks.
// Initialize and store date in session.
$cl_date = $request->getParameter('date', @$_SESSION['date']);
exit();
}
$cl_id = (int)$request->getParameter('id');
-// Get the time record we are deleting.
$time_rec = ttTimeHelper::getRecord($cl_id, $user->getActiveUser());
if (!$time_rec || $time_rec['invoice_id']) {
// Prohibit deleting not ours or invoiced records.
header('Location: access_denied.php');
exit();
}
+// End of access checks.
// Escape comment for presentation.
$time_rec['comment'] = htmlspecialchars($time_rec['comment']);
import('ttTimeHelper');
import('DateAndTime');
-// Access check.
+// Access checks.
if (!ttAccessAllowed('track_own_time')) {
header('Location: access_denied.php');
exit();
}
$cl_id = (int)$request->getParameter('id');
-// Get the time record we are editing.
$time_rec = ttTimeHelper::getRecord($cl_id, $user->getActiveUser());
if (!$time_rec || $time_rec['invoice_id']) {
// Prohibit editing not ours or invoiced records.
header('Location: access_denied.php');
exit();
}
+// End of access checks.
// Use custom fields plugin if it is enabled.
if ($user->isPluginEnabled('cf')) {
import('form.Table');
import('form.TableColumn');
-// Access check.
+// Access checks.
if (!ttAccessAllowed('manage_users')) {
header('Location: access_denied.php');
exit();
}
+// End of access checks.
// Use the "limit" plugin if we have one. Ignore include errors.
// The "limit" plugin is not required for normal operation of the Time Tracker.
import('form.Form');
import('ttUserHelper');
-// Access check.
+// Access checks.
if (!ttAccessAllowed('manage_users')) {
header('Location: access_denied.php');
exit();
}
-$user_id = (int) $request->getParameter('id');
+$user_id = (int)$request->getParameter('id');
$user_details = $user->getUser($user_id);
if (!$user_details) {
header('Location: access_denied.php');
import('form.Table');
import('form.TableColumn');
-// Access check.
+// Access checks.
if (!ttAccessAllowed('manage_users')) {
header('Location: access_denied.php');
exit();
}
-$user_id = (int) $request->getParameter('id');
+$user_id = (int)$request->getParameter('id');
$user_details = $user->getUser($user_id);
if (!$user_details) {
header('Location: access_denied.php');
import('ttTeamHelper');
import('ttTimeHelper');
-// Access check.
+// Access checks.
if (!(ttAccessAllowed('view_users') || ttAccessAllowed('manage_users'))) {
header('Location: access_denied.php');
exit();
}
+// End of access checks.
// Get users.
$active_users = ttTeamHelper::getActiveUsers(array('getAllFields'=>true));
header('Location: feature_disabled.php');
exit();
}
+// End of access checks.
$projects = ttTeamHelper::getActiveProjects($user->team_id);
header('Location: feature_disabled.php');
exit();
}
-
$cl_task_id = (int)$request->getParameter('id');
$task = ttTaskHelper::get($cl_task_id);
+if (!$task) {
+ header('Location: access_denied.php');
+ exit();
+}
+// End of access checks.
+
$task_to_delete = $task['name'];
$form = new Form('taskDeleteForm');
header('Location: feature_disabled.php');
exit();
}
-
$cl_task_id = (int)$request->getParameter('id');
+$task = ttTaskHelper::get($cl_task_id);
+if (!$task) {
+ header('Location: access_denied.php');
+ exit();
+}
+// End of access checks.
+
$projects = ttTeamHelper::getActiveProjects($user->team_id);
if ($request->isPost()) {
$cl_status = $request->getParameter('status');
$cl_projects = $request->getParameter('projects');
} else {
- $task = ttTaskHelper::get($cl_task_id);
$cl_name = $task['name'];
$cl_description = $task['description'];
$cl_status = $task['status'];
-
$assigned_projects = ttTaskHelper::getAssignedProjects($cl_task_id);
foreach ($assigned_projects as $project_item)
$cl_projects[] = $project_item['id'];
header('Location: feature_disabled.php');
exit();
}
+// End of access checks.
$smarty->assign('active_tasks', ttTeamHelper::getActiveTasks($user->team_id));
$smarty->assign('inactive_tasks', ttTeamHelper::getInactiveTasks($user->team_id));
import('ttTimeHelper');
import('DateAndTime');
-// This is a now removed check whether user browser supports cookies.
-// if (!isset($_COOKIE['tt_PHPSESSID'])) {
- // This test gives a false-positive if user goes directly to this page
- // as from a desktop shortcut (on first request only).
- // die ("Your browser's cookie functionality is turned off. Please turn it on.");
-// }
-
// Access checks.
if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
header('Location: access_denied.php');
header('Location: access_denied.php'); // Trying as self, but no right for self, and noone to work on behalf.
exit();
}
+// End of access checks.
// Initialize and store date in session.
$cl_date = $request->getParameter('date', @$_SESSION['date']);
exit();
}
$cl_id = (int)$request->getParameter('id');
-// Get the time record we are deleting.
$time_rec = ttTimeHelper::getRecord($cl_id, $user->getActiveUser());
if (!$time_rec || $time_rec['invoice_id']) {
// Prohibit deleting not ours or invoiced records.
header('Location: access_denied.php');
exit();
}
+// End of access checks.
// Escape comment for presentation.
$time_rec['comment'] = htmlspecialchars($time_rec['comment']);
exit();
}
$cl_id = (int)$request->getParameter('id');
-// Get the time record we are editing.
$time_rec = ttTimeHelper::getRecord($cl_id, $user->getActiveUser());
if (!$time_rec || $time_rec['invoice_id']) {
// Prohibit editing not ours or invoiced records.
header('Location: access_denied.php');
exit();
}
+// End of access checks.
// Use custom fields plugin if it is enabled.
if ($user->isPluginEnabled('cf')) {
import('form.ActionForm');
import('ttReportHelper');
-// Access check.
+// Access checks.
if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports'))) {
header('Location: access_denied.php');
exit();
}
+// End of access checks.
// Use custom fields plugin if it is enabled.
if ($user->isPluginEnabled('cf')) {
import('form.ActionForm');
import('ttReportHelper');
-// Access check.
+// Access checks.
if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports'))) {
header('Location: access_denied.php');
exit();
}
+// End of access checks.
// Check whether TCPDF library is available.
if (!file_exists('WEB-INF/lib/tcpdf/'))
import('form.TableColumn');
import('ttRoleHelper');
-// Access check.
+// Access checks.
if (!ttAccessAllowed('manage_users')) {
header('Location: access_denied.php');
exit();
}
+// End of access checks.
// Use the "limit" plugin if we have one. Ignore include errors.
// The "limit" plugin is not required for normal operation of the Time Tracker.
header('Location: access_denied.php');
exit();
}
-$user_id = (int) $request->getParameter('id');
+$user_id = (int)$request->getParameter('id');
$user_details = $user->getUser($user_id);
if (!$user_details) {
header('Location: access_denied.php');
header('Location: access_denied.php');
exit();
}
-$user_id = (int) $request->getParameter('id');
+$user_id = (int)$request->getParameter('id');
$user_details = $user->getUser($user_id);
if (!$user_details) {
header('Location: access_denied.php');
import('ttTimeHelper');
import('ttRoleHelper');
-// Access check.
+// Access checks.
if (!(ttAccessAllowed('view_users') || ttAccessAllowed('manage_users'))) {
header('Location: access_denied.php');
exit();
}
+// End of access checks.
// Prepare a list of active users.
if ($user->can('view_users'))
header('Location: access_denied.php'); // Trying as self, but no right for self, and noone to work on behalf.
exit();
}
+// End of access checks.
// Initialize and store date in session.
$cl_date = $request->getParameter('date', @$_SESSION['date']);
projects / timetracker.git / commitdiff