Révision 7ea27b0d
Ajouté par Renato Botelho il y a plus de 9 ans
usr/local/www/system_groupmanager.php | ||
---|---|---|
53 | 53 |
|
54 | 54 |
$a_group = &$config['system']['group']; |
55 | 55 |
|
56 |
$id = $_GET['id'];
|
|
57 |
if (isset($_POST['id'])) |
|
58 |
$id = $_POST['id']; |
|
56 |
unset($id);
|
|
57 |
if (isset($_POST['groupid']) && is_numericint($_POST['groupid']))
|
|
58 |
$id = $_POST['groupid'];
|
|
59 | 59 |
|
60 |
if ($_GET['act'] == "delgroup") {
|
|
60 |
$act = (isset($_POST['act']) ? $_POST['act'] : '');
|
|
61 | 61 |
|
62 |
if (!$a_group[$_GET['id']]) { |
|
62 |
if ($act == "delgroup") { |
|
63 |
|
|
64 |
if (!isset($id) || !isset($_POST['groupname']) || !isset($a_group[$id]) || ($_POST['groupname'] != $a_group[$id]['name'])) { |
|
63 | 65 |
pfSenseHeader("system_groupmanager.php"); |
64 | 66 |
exit; |
65 | 67 |
} |
66 | 68 |
|
67 | 69 |
conf_mount_rw(); |
68 |
local_group_del($a_group[$_GET['id']]);
|
|
70 |
local_group_del($a_group[$id]);
|
|
69 | 71 |
conf_mount_ro(); |
70 |
$groupdeleted = $a_group[$_GET['id']]['name'];
|
|
71 |
unset($a_group[$_GET['id']]);
|
|
72 |
$groupdeleted = $a_group[$id]['name'];
|
|
73 |
unset($a_group[$id]);
|
|
72 | 74 |
write_config(); |
73 | 75 |
$savemsg = gettext("Group")." {$groupdeleted} ". |
74 |
gettext("successfully deleted")."<br />";
|
|
76 |
gettext("successfully deleted")."<br />"; |
|
75 | 77 |
} |
76 | 78 |
|
77 |
if ($_GET['act'] == "delpriv") {
|
|
79 |
if ($act == "delpriv") {
|
|
78 | 80 |
|
79 |
if (!$a_group[$_GET['id']]) {
|
|
81 |
if (!isset($id) || !isset($a_group[$id])) {
|
|
80 | 82 |
pfSenseHeader("system_groupmanager.php"); |
81 | 83 |
exit; |
82 | 84 |
} |
83 | 85 |
|
84 |
$privdeleted = $priv_list[$a_group[$id]['priv'][$_GET['privid']]]['name'];
|
|
85 |
unset($a_group[$id]['priv'][$_GET['privid']]);
|
|
86 |
$privdeleted = $priv_list[$a_group[$id]['priv'][$_POST['privid']]]['name'];
|
|
87 |
unset($a_group[$id]['priv'][$_POST['privid']]);
|
|
86 | 88 |
|
87 | 89 |
if (is_array($a_group[$id]['member'])) { |
88 | 90 |
foreach ($a_group[$id]['member'] as $uid) { |
... | ... | |
93 | 95 |
} |
94 | 96 |
|
95 | 97 |
write_config(); |
96 |
$_GET['act'] = "edit";
|
|
98 |
$act = "edit";
|
|
97 | 99 |
$savemsg = gettext("Privilege")." {$privdeleted} ". |
98 | 100 |
gettext("successfully deleted")."<br />"; |
99 | 101 |
} |
100 | 102 |
|
101 |
if($_GET['act']=="edit"){
|
|
102 |
if (isset($id) && $a_group[$id]) {
|
|
103 |
if ($act == "edit") {
|
|
104 |
if (isset($id) && isset($a_group[$id])) {
|
|
103 | 105 |
$pconfig['name'] = $a_group[$id]['name']; |
104 | 106 |
$pconfig['gid'] = $a_group[$id]['gid']; |
105 | 107 |
$pconfig['gtype'] = $a_group[$id]['scope']; |
... | ... | |
109 | 111 |
} |
110 | 112 |
} |
111 | 113 |
|
112 |
if ($_POST) {
|
|
114 |
if (isset($_POST['save'])) {
|
|
113 | 115 |
|
114 | 116 |
unset($input_errors); |
115 | 117 |
$pconfig = $_POST; |
... | ... | |
263 | 265 |
<div class="tabcont"> |
264 | 266 |
|
265 | 267 |
<?php |
266 |
if($_GET['act']=="new" || $_GET['act']=="edit"):
|
|
268 |
if($act == "new" || $act == "edit"):
|
|
267 | 269 |
?> |
268 | 270 |
<form action="system_groupmanager.php" method="post" name="iform" id="iform" onsubmit="presubmit()"> |
271 |
<input type="hidden" id="act" name="act" value="" /> |
|
272 |
<input type="hidden" id="groupid" name="groupid" value="<?=(isset($id) ? $id : '');?>" /> |
|
273 |
<input type="hidden" id="privid" name="privid" value="" /> |
|
269 | 274 |
<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area"> |
270 | 275 |
<?php |
271 | 276 |
$ro = ""; |
... | ... | |
362 | 367 |
</tr> |
363 | 368 |
<?php |
364 | 369 |
endif; |
365 |
if($_GET['act'] != "new"):
|
|
370 |
if ($act != "new"):
|
|
366 | 371 |
?> |
367 | 372 |
<tr> |
368 | 373 |
<td width="22%" valign="top" class="vncell"><?=gettext("Assigned Privileges");?></td> |
... | ... | |
386 | 391 |
<?=htmlspecialchars($priv_list[$priv]['descr']);?> |
387 | 392 |
</td> |
388 | 393 |
<td valign="middle" class="list nowrap"> |
389 |
<a href="system_groupmanager.php?act=delpriv&id=<?=htmlspecialchars($id)?>&privid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this privilege?");?>')"> |
|
390 |
<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="delete" /> |
|
391 |
</a> |
|
394 |
<input type="image" name="delpriv[]" width="17" height="17" border="0" |
|
395 |
src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" |
|
396 |
onclick="document.getElementById('privid').value='<?=$i;?>'; |
|
397 |
document.getElementById('groupid').value='<?=$id;?>'; |
|
398 |
document.getElementById('act').value='<?php echo "delpriv";?>'; |
|
399 |
return confirm('<?=gettext("Do you really want to delete this privilege?");?>');" |
|
400 |
title="<?=gettext("delete privilege");?>" /> |
|
392 | 401 |
</td> |
393 | 402 |
</tr> |
394 | 403 |
<?php |
... | ... | |
428 | 437 |
<?php |
429 | 438 |
else: |
430 | 439 |
?> |
431 |
<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary=""> |
|
432 |
<thead> |
|
433 |
<tr> |
|
434 |
<th width="25%" class="listhdrr"><?=gettext("Group name");?></th> |
|
435 |
<th width="25%" class="listhdrr"><?=gettext("Description");?></th> |
|
436 |
<th width="30%" class="listhdrr"><?=gettext("Member Count");?></th> |
|
437 |
<th width="10%" class="list"></th> |
|
438 |
</tr> |
|
439 |
</thead> |
|
440 |
<tfoot> |
|
441 |
<tr> |
|
442 |
<td class="list" colspan="3"></td> |
|
443 |
<td class="list"> |
|
444 |
<a href="system_groupmanager.php?act=new"><img src="./themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add group");?>" width="17" height="17" border="0" alt="add" /> |
|
445 |
</a> |
|
446 |
</td> |
|
447 |
</tr> |
|
448 |
<tr> |
|
449 |
<td colspan="3"> |
|
450 |
<p> |
|
451 |
<?=gettext("Additional webConfigurator groups can be added here. |
|
452 |
Group permissions can be assigned which are inherited by users who are members of the group. |
|
453 |
An icon that appears grey indicates that it is a system defined object. |
|
454 |
Some system object properties can be modified but they cannot be deleted.");?> |
|
455 |
</p> |
|
456 |
</td> |
|
457 |
</tr> |
|
458 |
</tfoot> |
|
459 |
<tbody> |
|
440 |
<form action="system_groupmanager.php" method="post" name="iform2" id="iform2"> |
|
441 |
<input type="hidden" id="act" name="act" value="" /> |
|
442 |
<input type="hidden" id="groupid" name="groupid" value="<?=(isset($id) ? $id : '');?>" /> |
|
443 |
<input type="hidden" id="groupname" name="groupname" value="" /> |
|
444 |
<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary=""> |
|
445 |
<thead> |
|
446 |
<tr> |
|
447 |
<th width="25%" class="listhdrr"><?=gettext("Group name");?></th> |
|
448 |
<th width="25%" class="listhdrr"><?=gettext("Description");?></th> |
|
449 |
<th width="30%" class="listhdrr"><?=gettext("Member Count");?></th> |
|
450 |
<th width="10%" class="list"></th> |
|
451 |
</tr> |
|
452 |
</thead> |
|
453 |
<tfoot> |
|
454 |
<tr> |
|
455 |
<td class="list" colspan="3"></td> |
|
456 |
<td class="list"> |
|
457 |
<input type="image" name="addcert" width="17" height="17" border="0" |
|
458 |
src="/themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" |
|
459 |
onclick="document.getElementById('act').value='<?php echo "new";?>';" |
|
460 |
title="<?=gettext("add group");?>" /> |
|
461 |
</td> |
|
462 |
</tr> |
|
463 |
<tr> |
|
464 |
<td colspan="3"> |
|
465 |
<p> |
|
466 |
<?=gettext("Additional webConfigurator groups can be added here. |
|
467 |
Group permissions can be assigned which are inherited by users who are members of the group. |
|
468 |
An icon that appears grey indicates that it is a system defined object. |
|
469 |
Some system object properties can be modified but they cannot be deleted.");?> |
|
470 |
</p> |
|
471 |
</td> |
|
472 |
</tr> |
|
473 |
</tfoot> |
|
474 |
<tbody> |
|
460 | 475 |
<?php |
461 |
$i = 0; |
|
462 |
foreach($a_group as $group): |
|
463 |
if($group['scope'] == "system") |
|
464 |
$grpimg = "/themes/{$g['theme']}/images/icons/icon_system-group-grey.png"; |
|
465 |
else |
|
466 |
$grpimg = "/themes/{$g['theme']}/images/icons/icon_system-group.png"; |
|
467 |
$groupcount = count($group['member']); |
|
468 |
if ($group["name"] == "all") |
|
469 |
$groupcount = count($config['system']['user']); |
|
476 |
$i = 0;
|
|
477 |
foreach($a_group as $group):
|
|
478 |
if($group['scope'] == "system")
|
|
479 |
$grpimg = "/themes/{$g['theme']}/images/icons/icon_system-group-grey.png";
|
|
480 |
else
|
|
481 |
$grpimg = "/themes/{$g['theme']}/images/icons/icon_system-group.png";
|
|
482 |
$groupcount = count($group['member']);
|
|
483 |
if ($group["name"] == "all")
|
|
484 |
$groupcount = count($config['system']['user']);
|
|
470 | 485 |
?> |
471 |
<tr ondblclick="document.location='system_groupmanager.php?act=edit&id=<?=$i;?>'"> |
|
472 |
<td class="listlr"> |
|
473 |
<table border="0" cellpadding="0" cellspacing="0" summary=""> |
|
474 |
<tr> |
|
475 |
<td align="left" valign="middle"> |
|
476 |
<img src="<?=$grpimg;?>" alt="<?=gettext("User");?>" title="<?=gettext("User");?>" border="0" height="16" width="16" /> |
|
477 |
</td> |
|
478 |
<td align="left" valign="middle"> |
|
479 |
<?=htmlspecialchars($group['name']); ?> |
|
480 |
</td> |
|
481 |
</tr> |
|
482 |
</table> |
|
483 |
</td> |
|
484 |
<td class="listr"> |
|
485 |
<?=htmlspecialchars($group['description']);?> |
|
486 |
</td> |
|
487 |
<td class="listbg"> |
|
488 |
<?=$groupcount;?> |
|
489 |
</td> |
|
490 |
<td valign="middle" class="list nowrap"> |
|
491 |
<a href="system_groupmanager.php?act=edit&id=<?=$i;?>"> |
|
492 |
<img src="./themes/<?=$g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit group");?>" width="17" height="17" border="0" alt="edit" /> |
|
493 |
</a> |
|
494 |
|
|
486 |
<tr ondblclick="document.getElementById('act').value='<?php echo "edit";?>'; |
|
487 |
document.getElementById('groupid').value='<?=$i;?>'; |
|
488 |
document.iform2.submit();"> |
|
489 |
<td class="listlr"> |
|
490 |
<table border="0" cellpadding="0" cellspacing="0" summary=""> |
|
491 |
<tr> |
|
492 |
<td align="left" valign="middle"> |
|
493 |
<img src="<?=$grpimg;?>" alt="<?=gettext("User");?>" title="<?=gettext("User");?>" border="0" height="16" width="16" /> |
|
494 |
</td> |
|
495 |
<td align="left" valign="middle"> |
|
496 |
<?=htmlspecialchars($group['name']); ?> |
|
497 |
</td> |
|
498 |
</tr> |
|
499 |
</table> |
|
500 |
</td> |
|
501 |
<td class="listr"> |
|
502 |
<?=htmlspecialchars($group['description']);?> |
|
503 |
</td> |
|
504 |
<td class="listbg"> |
|
505 |
<?=$groupcount;?> |
|
506 |
</td> |
|
507 |
<td valign="middle" class="list nowrap"> |
|
508 |
<input type="image" name="editgroup[]" width="17" height="17" border="0" |
|
509 |
src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif" |
|
510 |
onclick="document.getElementById('groupid').value='<?=$i;?>'; |
|
511 |
document.getElementById('act').value='<?php echo "edit";?>';" |
|
512 |
title="<?=gettext("edit group");?>" /> |
|
513 |
|
|
495 | 514 |
<?php |
496 |
if($group['scope'] != "system"): |
|
515 |
if($group['scope'] != "system"):
|
|
497 | 516 |
?> |
498 |
<a href="system_groupmanager.php?act=delgroup&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this group?"); ?>')"> |
|
499 |
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete group"); ?>" width="17" height="17" border="0" alt="delete" /> |
|
500 |
</a> |
|
517 |
<input type="image" name="delgroup[]" width="17" height="17" border="0" |
|
518 |
src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" |
|
519 |
onclick="document.getElementById('groupid').value='<?=$i;?>'; |
|
520 |
document.getElementById('groupname').value='<?=$group['name'];?>'; |
|
521 |
document.getElementById('act').value='<?php echo "delgroup";?>'; |
|
522 |
return confirm('<?=gettext("Do you really want to delete this group?");?>');" |
|
523 |
title="<?=gettext("delete group");?>" /> |
|
501 | 524 |
<?php |
502 |
endif; |
|
525 |
endif;
|
|
503 | 526 |
?> |
504 |
</td> |
|
505 |
</tr> |
|
527 |
</td>
|
|
528 |
</tr>
|
|
506 | 529 |
<?php |
507 |
$i++; |
|
508 |
endforeach; |
|
530 |
$i++;
|
|
531 |
endforeach;
|
|
509 | 532 |
?> |
510 |
</tbody> |
|
511 |
</table> |
|
533 |
</tbody> |
|
534 |
</table> |
|
535 |
</form> |
|
512 | 536 |
<?php |
513 | 537 |
endif; |
514 | 538 |
?> |
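Review bot: The new delpriv branch validates `$_POST['groupid']` with `is_numericint()` but leaves `$_POST['privid']` unchecked before it is used as an array index in `$priv_list[$a_group[$id]['priv'][$_POST['privid']]]['name']` and the following `unset()`, so a missing or non-numeric value produces undefined-index notices and an empty `$privdeleted` message instead of the redirect the other branches take. Extend the guard to `if (!isset($id) || !isset($a_group[$id]) || !isset($_POST['privid']) || !is_numericint($_POST['privid']) || !isset($a_group[$id]['priv'][$_POST['privid']])) {`. Separately, the delete button's `onclick` writes `$group['name']` into a JavaScript string literal unescaped, while the name cell beside it uses `htmlspecialchars()`; a name containing a quote breaks the handler and the name-confirmation check the commit adds, so escape for both contexts, e.g. `document.getElementById('groupname').value=<?=htmlspecialchars(json_encode($group['name']));?>;`. The server-side delgroup name comparison uses loose `!=`; `!==` is the stricter match this commit intends.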
Be stricter when removing groups by checking both the group id and the group name; this avoids issues like the one users hit in ticket #3856. While I'm here, replace GET by POST