Index: trunk/admin/reviews.php =================================================================== diff -u -r4243 -r5431 --- trunk/admin/reviews.php (.../reviews.php) (revision 4243) +++ trunk/admin/reviews.php (.../reviews.php) (revision 5431) @@ -28,6 +28,7 @@ require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:reviews'); define('REQUIRE_LAYER_HEADER', 1); $b_topmargin = "0"; //$b_header_addon = "

"; Index: trunk/admin/install.php =================================================================== diff -u -r4903 -r5431 --- trunk/admin/install.php (.../install.php) (revision 4903) +++ trunk/admin/install.php (.../install.php) (revision 5431) @@ -709,8 +709,7 @@ $objThemes->CreateMissingThemes(false); $css_hash = $application->Conn->GetCol('SELECT LOWER(Name) AS Name, StylesheetId FROM '.TABLE_PREFIX.'Stylesheets', 'StylesheetId'); - - $application->setUnitOption('css', 'AutoLoad', false); + $css_table = $application->getUnitOption('css','TableName'); $css_idfield = $application->getUnitOption('css','IDField'); @@ -720,7 +719,7 @@ $theme_update_sql = 'UPDATE '.$theme_table.' SET '.$css_idfield.' = %s WHERE LOWER(Name) = %s'; foreach($css_hash as $stylesheet_id => $theme_name) { - $css_item =& $application->recallObject('css'); + $css_item =& $application->recallObject('css', null, Array('skip_autoload' => true)); $css_item->Load($stylesheet_id); $css_item->Compile(); $application->Conn->Query( sprintf($theme_update_sql, $stylesheet_id, $application->Conn->qstr( getArrayValue($css_hash,$stylesheet_id) ) ) ); @@ -1356,7 +1355,9 @@ else { $pass = md5($pass); - $sql = "UPDATE ".$g_TablePrefix."ConfigurationValues SET VariableValue = '$pass' WHERE VariableName='RootPass' OR VariableName='RootPassVerify'"; + $sql = ' UPDATE '.$g_TablePrefix.'ConfigurationValues + SET VariableValue = '.$ado->qstr($pass).' + WHERE VariableName = "RootPass";'; $ado =& inst_GetADODBConnection(); $ado->Execute($sql); $state="modselect"; Index: trunk/kernel/include/usersession.php =================================================================== diff -u -r5218 -r5431 --- trunk/kernel/include/usersession.php (.../usersession.php) (revision 5218) +++ trunk/kernel/include/usersession.php (.../usersession.php) (revision 5431) 
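Review bot: In the `@@ -1356` hunk of install.php the new `$sql` string calls `$ado->qstr($pass)` one statement before `$ado =& inst_GetADODBConnection();` runs, so unless `$ado` was already assigned earlier in this branch (not visible here) the call is made on an unset variable and the root password is never written. Move the assignment up so that `$ado =& inst_GetADODBConnection();` comes directly after `$pass = md5($pass);` and before `$sql` is built. The `RootPassVerify` row is no longer updated, which looks intentional but should be confirmed against whatever still reads it. Separately, the stored value is an unsalted MD5 digest; replacing it needs a matching change in the login check, which is outside this diff. The enclosing `else` block starts and ends outside the hunk.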
@@ -475,6 +475,7 @@ { $application =& kApplication::Instance(); $application->setVisitField('PortalUserId', $this->Get('PortalUserId') ); + $application->SetVar('u_id', $this->Get('PortalUserId')); } // unset($this->CurrentUser); @@ -510,20 +511,19 @@ $extra_groups = implode(',', $GroupList); $this->SetVariable('UserGroups', $extra_groups); - + $this->Set('GroupId', $PersonalGroup ? $PersonalGroup : $PrimaryGroup); $this->Set('GroupList', $extra_groups); $this->SetVariable('UserGroups', $this->Get('GroupList') ); - if( class_exists('kApplication') ) - { - $app = kApplication::Instance(); - $kSession = $app->recallObject('Session'); - $kSession->SetField('GroupList', $extra_groups); - $app->StoreVar('UserGroups', $this->Get('GroupList') ); - $app->setVisitField('PortalUserId', $this->Get('PortalUserId') ); - } + + $app = kApplication::Instance(); + $kSession = $app->recallObject('Session'); + $kSession->SetField('GroupList', $extra_groups); + $app->StoreVar('UserGroups', $this->Get('GroupList') ); + $app->setVisitField('PortalUserId', $this->Get('PortalUserId') ); + $this->Set('LastAccessed', adodb_date('U') ); $this_login = $this->GetPersistantVariable("ThisLogin"); Index: trunk/kernel/units/users/users_event_handler.php =================================================================== diff -u -r5194 -r5431 --- trunk/kernel/units/users/users_event_handler.php (.../users_event_handler.php) (revision 5194) +++ trunk/kernel/units/users/users_event_handler.php (.../users_event_handler.php) (revision 5431) @@ -10,6 +10,9 @@ { parent::mapPermissions(); $permissions = Array( + // admin + 'OnSetPersistantVariable' => Array('self' => 'view'), // because setting to logged in user only + // front 'OnRefreshForm' => Array('self' => true), 
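Review bot: The new `'OnSetPersistantVariable' => Array('self' => 'view')` entry in `mapPermissions()` lets a state-changing event through on the `view` permission, and the trailing comment does not say what makes that safe. If the handler really only writes persistent variables of the session's own user (its body is not in this diff), state that as the invariant: `// 'view' is sufficient: the handler writes only the current user's own persistent variables, never another user's`. Anyone who later lets the handler accept a user id then knows this mapping has to be revisited. `mapPermissions()` continues outside the hunk.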
@@ -101,8 +104,7 @@ */ function OnLogin(&$event) { - $this->Application->setUnitOption($event->Prefix, 'AutoLoad', false); - $object =& $this->Application->recallObject('u'); + $object =& $this->Application->recallObject('u', null, Array('skip_autoload' => true)); $password = $this->Application->GetVar('password'); if(!$password) @@ -260,6 +262,11 @@ { $sync_manager =& $this->Application->recallObjectP('UsersSyncronizeManager', null, Array(), 'InPortalSyncronize'); $sync_manager->performAction('LoginUser', $event->getEventParam('user'), $event->getEventParam('pass') ); + + if ($event->redirect && is_string($event->redirect)) { + // some real template specified instead of true + $this->Application->Redirect($event->redirect, $event->redirect_params); + } } /** @@ -443,7 +450,6 @@ $object =& $event->getObject( Array('skip_autoload' => true) ); $this->Application->SetVar('u_id', $object->getID() ); - $this->Application->setUnitOption('u', 'AutoLoad', true); $this->setNextTemplate($event); @@ -462,8 +468,7 @@ */ function setUserStatus(&$event) { - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); + $object =& $event->getObject( Array('skip_autoload' => true) ); $new_users_allowed = $this->Application->ConfigValue('User_Allow_New'); // 1 - Instant, 2 - Not Allowed, 3 - Pending @@ -579,8 +584,7 @@ */ function OnUpdateAddress(&$event) { - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); + $object =& $event->getObject( Array('skip_autoload' => true) ); $items_info = $this->Application->GetVar( $event->getPrefixSpecial(true) ); if($items_info) 
@@ -599,10 +603,9 @@ $user_email = $this->Application->GetVar('subscriber_email'); if ( preg_match("/^[_a-zA-Z0-9-\.]+@[a-zA-Z0-9-\.]+\.[a-z]{2,4}$/", $user_email) ){ + + $object = &$this->Application->recallObject($this->Prefix.'.subscriber', null, Array('skip_autoload' => true)); - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object = &$this->Application->recallObject($this->Prefix.'.subscriber'); - $this->Application->StoreVar('SubscriberEmail', $user_email); if( $object->Load(array('Email'=>$user_email)) ){ @@ -635,8 +638,7 @@ function OnSubscribeUser(&$event){ - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object = &$this->Application->recallObject($this->Prefix.'.subscriber'); + $object = &$this->Application->recallObject($this->Prefix.'.subscriber', Array('skip_autoload' => true)); $user_email = $this->Application->RecallVar('SubscriberEmail'); @@ -727,8 +729,7 @@ function OnForgotPassword(&$event){ - $this->Application->setUnitOption('u', 'AutoLoad', false); - $user_object = &$this->Application->recallObject('u.forgot'); + $user_object = &$this->Application->recallObject('u.forgot', null, Array('skip_autoload' => true)); $user_current_object = &$this->Application->recallObject('u'); $username = $this->Application->GetVar('username'); Index: trunk/core/units/groups/groups_config.php =================================================================== diff -u -r5272 -r5431 --- trunk/core/units/groups/groups_config.php (.../groups_config.php) (revision 5272) +++ trunk/core/units/groups/groups_config.php (.../groups_config.php) (revision 5431) 
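Review bot: In `OnSubscribeUser` (hunk `@@ -635`) the `skip_autoload` array is passed as the second argument of `recallObject()`, while the other converted calls in this commit pass `null` second and the params array third, for example the `@@ -599` hunk just above it. As written the array presumably lands in the pseudo-class slot and `skip_autoload` is not applied, so the subscriber object may autoload now that the `setUnitOption(..., 'AutoLoad', false)` call is gone. The line should read `$object = &$this->Application->recallObject($this->Prefix.'.subscriber', null, Array('skip_autoload' => true));`. The function body continues outside the hunk.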
@@ -50,7 +50,7 @@ 'icon' => 'usergroups', 'label' => 'la_tab_User_Groups', 'url' => Array('t' => 'groups/groups_list', 'pass' => 'm'), - 'permissions' => Array('view', 'add', 'edit', 'delete', 'advanced:send_email'), + 'permissions' => Array('view', 'add', 'edit', 'delete', 'advanced:send_email', 'advanced:manage_permissions'), 'priority' => 2, 'type' => stTREE, ), Index: trunk/kernel/units/admin/admin_config.php =================================================================== diff -u -r5110 -r5431 --- trunk/kernel/units/admin/admin_config.php (.../admin_config.php) (revision 5110) +++ trunk/kernel/units/admin/admin_config.php (.../admin_config.php) (revision 5431) @@ -24,7 +24,7 @@ 'icon' => 'site', 'label' => $this->Application->ConfigValue('Site_Name'), 'url' => Array('t' => 'sections_list', 'pass' => 'm', 'pass_section' => true, 'no_amp' => 1), - 'permissions' => Array('view', 'advanced:admin_login', 'advanced:front_login'), + 'permissions' => Array('advanced:admin_login', 'advanced:front_login'), 'priority' => 0, 'type' => stTREE, ), Index: trunk/core/units/phrases/phrases_event_handler.php =================================================================== diff -u -r3282 -r5431 --- trunk/core/units/phrases/phrases_event_handler.php (.../phrases_event_handler.php) (revision 3282) +++ trunk/core/units/phrases/phrases_event_handler.php (.../phrases_event_handler.php) (revision 5431) @@ -11,11 +11,9 @@ { parent::OnNew($event); $label = $this->Application->GetVar('phrases_label'); - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject( $label ? Array('live_table'=>true) : Array() ); - if($label) - { + $object =& $event->getObject( $label ? Array('live_table'=>true, 'skip_autoload' => true) : Array('skip_autoload' => true) ); + if ($label) { $object->SetDBField('Phrase',$label); $object->SetDBField('LanguageId', $this->Application->GetVar('m_lang') ); $object->SetDBField('PhraseType',1); 
@@ -46,12 +44,9 @@ function OnBeforePhraseCreate(&$event) { $edit_direct = $this->Application->GetVar($event->Prefix.'_label'); - if($edit_direct) - { - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); - if( $this->Application->GetVar('m_lang') != $this->Application->GetVar('lang_id') ) - { + if ($edit_direct) { + $object =& $event->getObject( Array('skip_autoload' => true) ); + if ($this->Application->GetVar('m_lang') != $this->Application->GetVar('lang_id')) { $object->SwitchToLive(); } } Index: trunk/admin/users/adduser.php =================================================================== diff -u -r4077 -r5431 --- trunk/admin/users/adduser.php (.../adduser.php) (revision 4077) +++ trunk/admin/users/adduser.php (.../adduser.php) (revision 5431) @@ -19,6 +19,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:user_list'); require_once ($pathtoroot.$admin."/include/elements.php"); require_once ($pathtoroot."kernel/admin/include/navmenu.php"); Index: trunk/admin/config/edit_banlist.php =================================================================== diff -u -r2853 -r5431 --- trunk/admin/config/edit_banlist.php (.../edit_banlist.php) (revision 2853) +++ trunk/admin/config/edit_banlist.php (.../edit_banlist.php) (revision 5431) 
@@ -19,6 +19,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:user_banlist'); require_once ($pathtoroot.$admin."/include/elements.php"); require_once ($pathtoroot."kernel/admin/include/navmenu.php"); Index: trunk/admin/import/step1.php =================================================================== diff -u -r2853 -r5431 --- trunk/admin/import/step1.php (.../step1.php) (revision 2853) +++ trunk/admin/import/step1.php (.../step1.php) (revision 5431) @@ -6,6 +6,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:main_import'); $pathtolocal = $pathtoroot."kernel/"; require_once ($pathtoroot.$admin."/include/elements.php"); Index: trunk/admin/logs/searchlog.php =================================================================== diff -u -r4231 -r5431 --- trunk/admin/logs/searchlog.php (.../searchlog.php) (revision 4231) +++ trunk/admin/logs/searchlog.php (.../searchlog.php) (revision 5431) @@ -19,6 +19,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:searchlog'); $pathtolocal = $pathtoroot."kernel/"; Index: trunk/admin/import/step2.php =================================================================== diff -u -r3648 -r5431 --- trunk/admin/import/step2.php (.../step2.php) (revision 3648) +++ trunk/admin/import/step2.php (.../step2.php) (revision 5431) 
@@ -6,6 +6,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:main_import'); $pathtolocal = $pathtoroot."kernel/"; require_once ($pathtoroot.$admin."/include/elements.php"); Index: trunk/core/units/stylesheets/stylesheets_item.php =================================================================== diff -u -r3559 -r5431 --- trunk/core/units/stylesheets/stylesheets_item.php (.../stylesheets_item.php) (revision 3559) +++ trunk/core/units/stylesheets/stylesheets_item.php (.../stylesheets_item.php) (revision 5431) @@ -4,8 +4,7 @@ { function Compile() { - $this->Application->setUnitOption('selectors', 'AutoLoad', false); - $selector_item =& $this->Application->recallObject('selectors.item', 'selectors', Array('live_table'=>true) ); + $selector_item =& $this->Application->recallObject('selectors.item', 'selectors', Array('live_table'=>true, 'skip_autoload' => true) ); $parent_field = $this->Application->getUnitOption($selector_item->Prefix, 'ForeignKey'); $sql_template = 'SELECT '.$selector_item->IDField.' FROM '.$selector_item->TableName.' WHERE '.$parent_field.' = %s ORDER BY SelectorName ASC'; Index: trunk/admin/import/step3.php =================================================================== diff -u -r3648 -r5431 --- trunk/admin/import/step3.php (.../step3.php) (revision 3648) +++ trunk/admin/import/step3.php (.../step3.php) (revision 5431) 
@@ -6,6 +6,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:main_import'); //admin only util $pathtolocal = $pathtoroot."kernel/"; Index: trunk/core/units/reviews/reviews_event_handler.php =================================================================== diff -u -r5219 -r5431 --- trunk/core/units/reviews/reviews_event_handler.php (.../reviews_event_handler.php) (revision 5219) +++ trunk/core/units/reviews/reviews_event_handler.php (.../reviews_event_handler.php) (revision 5431) @@ -86,8 +86,7 @@ { $user_id = $this->Application->GetVar('u_id') ? $this->Application->GetVar('u_id') : -2; $ip = $_SERVER['REMOTE_ADDR']; - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); + $object =& $event->getObject( Array('skip_autoload' => true) ); $product_info = $object->getLinkedInfo(); $object->addFilter('current_item', '%1$s.ItemId = '.$product_info['ParentId']); $object->addFilter('current_user', '%1$s.CreatedById = '.$user_id); @@ -105,13 +104,11 @@ { $user_id = ($this->Application->GetVar('u_id') == 0) ? -2 : $this->Application->GetVar('u_id'); $event->redirect_params = Array('pass' => 'all,p'); - - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); - + + $object =& $event->getObject( Array('skip_autoload' => true) ); $parent_info = $object->getLinkedInfo(); $review_fields = $this->Application->GetVar($event->getPrefixSpecial(true)); - + $sql = ' SELECT * FROM '.TABLE_PREFIX.'SpamControl WHERE ItemResourceId='.$parent_info['ParentId'].' AND IPaddress="'.$_SERVER['REMOTE_ADDR'].'" Index: trunk/admin/import/step4.php =================================================================== diff -u -r2853 -r5431 --- trunk/admin/import/step4.php (.../step4.php) (revision 2853) +++ trunk/admin/import/step4.php (.../step4.php) (revision 5431) 
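Review bot: Both hunks in reviews_event_handler.php keep building SQL from unescaped values: `$user_id` comes from `GetVar('u_id')` and is concatenated into `'%1$s.CreatedById = '.$user_id`, and the second hunk puts `$_SERVER['REMOTE_ADDR']` and `$parent_info['ParentId']` straight into the SpamControl query. If `u_id` can ever be supplied by the request rather than set by the session code, the filter is injectable; a cast closes that regardless of the source: `$user_id = (int)$this->Application->GetVar('u_id');` followed by `if (!$user_id) $user_id = -2;`. The SpamControl query would be safer with `$this->Conn->qstr($_SERVER['REMOTE_ADDR'])` and an `(int)` cast on `ParentId`. Both functions start and end outside the hunks shown.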
@@ -6,6 +6,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:main_import'); //admin only util $pathtolocal = $pathtoroot."kernel/"; Index: trunk/admin/logs/email_log.php =================================================================== diff -u -r2853 -r5431 --- trunk/admin/logs/email_log.php (.../email_log.php) (revision 2853) +++ trunk/admin/logs/email_log.php (.../email_log.php) (revision 5431) @@ -19,6 +19,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:emaillog'); //admin only includes require_once ($pathtoroot.$admin."/include/elements.php"); Index: trunk/core/units/general/cat_dbitem_export.php =================================================================== diff -u -r4243 -r5431 --- trunk/core/units/general/cat_dbitem_export.php (.../cat_dbitem_export.php) (revision 4243) +++ trunk/core/units/general/cat_dbitem_export.php (.../cat_dbitem_export.php) (revision 5431) @@ -51,6 +51,12 @@ */ var $filePointer = null; + /** + * Custom fields definition of current item + * + * @var Array + */ + var $customFields = Array(); function kCatDBItemExportHelper() { @@ -282,6 +288,7 @@ } else { foreach ($check_fields as $check_field) { + $check_field = preg_replace('/^cust_(.*)/', 'Custom_\\1', $check_field); if (!in_array($check_field, $this->exportOptions['ExportColumns'])) { $object->setError('ExportColumns', 'required'); $ret = false; 
@@ -354,29 +361,35 @@ fclose($this->filePointer); } + function getCustomSQL() + { + $ml_formatter =& $this->Application->recallObject('kMultiLanguage'); + + $custom_sql = ''; + foreach ($this->customFields as $custom_id => $custom_name) { + $custom_sql .= 'custom_data.'.$ml_formatter->LangFieldName('cust_'.$custom_id).' AS cust_'.$custom_name.', '; + } + + return preg_replace('/(.*), /', '\\1', $custom_sql); + } + function getExportSQL($count_only = false) { if ($this->exportOptions['export_ids'] === false) { // get links from current category & all it's subcategories $join_clauses = Array(); - $custom_sql = ''; - $custom_table = $this->Application->getUnitOption($this->curItem->Prefix.'-cdata', 'TableName'); - - if ($custom_table) { - $ml_formatter =& $this->Application->recallObject('kMultiLanguage'); - $custom_fields = $this->Application->getUnitOption($this->curItem->Prefix, 'CustomFields'); - - foreach ($custom_fields as $custom_id => $custom_name) { - $custom_sql .= 'custom_data.'.$ml_formatter->LangFieldName('cust_'.$custom_id).' AS cust_'.$custom_name.','; - } + $custom_sql = $this->getCustomSQL(); + if ($custom_sql) { + $custom_table = $this->Application->getUnitOption($this->curItem->Prefix.'-cdata', 'TableName'); $join_clauses[$custom_table.' custom_data'] = 'custom_data.ResourceId = item_table.ResourceId'; } + $join_clauses[TABLE_PREFIX.'CategoryItems ci'] = 'ci.ItemResourceId = item_table.ResourceId'; $join_clauses[TABLE_PREFIX.'Category c'] = 'c.CategoryId = ci.CategoryId'; - $sql = 'SELECT item_table.*, '.$custom_sql.' ci.CategoryId + $sql = 'SELECT item_table.*, ci.CategoryId'.($custom_sql ? ', '.$custom_sql : '').' FROM '.$this->curItem->TableName.' item_table'; foreach ($join_clauses as $table_name => $join_expression) { 
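Review bot: `getCustomSQL()` has no docblock and assembles the column list by appending `', '` after every entry and then stripping the last one with `preg_replace('/(.*), /', '\\1', ...)`, which is harder to follow than collecting the parts and joining them. `$this->customFields` is filled from `getUnitOption(..., 'CustomFields')` in a later hunk; if that option is missing for a unit the `foreach` receives a non-array, and the removed code only ran this loop when a custom-data table existed, so a guard is worth having. The field name is also placed unquoted into the alias `cust_NAME`, so the query relies on custom field names being limited to identifier characters somewhere else. A possible shape is below.

```php
/**
 * Returns the SELECT column list for custom fields of the current item
 * (empty string when the item has none)
 *
 * @return string
 */
function getCustomSQL()
{
	if (!is_array($this->customFields) || !$this->customFields) {
		return '';
	}

	$ml_formatter =& $this->Application->recallObject('kMultiLanguage');

	$custom_columns = Array();
	foreach ($this->customFields as $custom_id => $custom_name) {
		$custom_columns[] = 'custom_data.'.$ml_formatter->LangFieldName('cust_'.$custom_id).' AS cust_'.$custom_name;
	}

	return implode(', ', $custom_columns);
}
```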
@@ -425,7 +438,7 @@ $this->exportOptions = $this->loadOptions($event); $this->exportFields = $this->exportOptions['ExportColumns']; $this->curItem =& $event->getObject( Array('skip_autoload' => true) ); - + $this->customFields = $this->Application->getUnitOption($event->Prefix, 'CustomFields'); $this->openFile($event); if ($this->exportOptions['start_from'] == 0) // first export step @@ -636,7 +649,8 @@ break; } $this->curItem->Clear(); - + $this->customFields = $this->Application->getUnitOption($event->Prefix, 'CustomFields'); + if (isset($record_data)) { $this->setImportData($record_data); } @@ -739,7 +753,15 @@ if (count($load_keys)) { $where_clause = ''; foreach ($load_keys as $field_name => $field_value) { - $where_clause .= '(item_table.`'.$field_name.'` = '.$this->Conn->qstr($field_value).') AND '; + if (preg_match('/^cust_(.*)/', $field_name, $regs)) { + $custom_id = array_search($regs[1], $this->customFields); + $field_name = 'l'.$this->Application->GetVar('m_lang').'_cust_'.$custom_id; + $where_clause .= '(custom_data.`'.$field_name.'` = '.$this->Conn->qstr($field_value).') AND '; + } + else { + $where_clause .= '(item_table.`'.$field_name.'` = '.$this->Conn->qstr($field_value).') AND '; + } + } $where_clause = preg_replace('/(.*) AND $/', '\\1', $where_clause); 
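Review bot: In the `@@ -739` hunk the custom-field branch builds a column name from two unchecked values: `array_search()` returns `false` when the `cust_` key is not in `$this->customFields`, which yields a column named `lN_cust_` with no id, and `GetVar('m_lang')` is concatenated into a backtick-quoted identifier where `qstr()` offers no protection. Test the lookup with `if ($custom_id === false)` and report the unknown field instead of querying, and cast the language id: `$field_name = 'l'.(int)$this->Application->GetVar('m_lang').'_cust_'.$custom_id;`. The plain branch has the same shape, since `$field_name` from `$load_keys` goes into backticks as is; whether those keys are limited to known columns is decided outside this hunk. The enclosing function starts and ends outside the hunk.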
@@ -750,9 +772,11 @@ $parent_path = $this->getParentPath($category_id); $where_clause = '(c.ParentPath LIKE "'.$parent_path.'%") AND '.$where_clause; } - + + $cdata_table = $this->Application->getUnitOption($event->Prefix.'-cdata', 'TableName'); $sql = 'SELECT '.$this->curItem->IDField.' FROM '.$this->curItem->TableName.' item_table + LEFT JOIN '.$cdata_table.' custom_data ON custom_data.ResourceId = item_table.ResourceId LEFT JOIN '.TABLE_PREFIX.'CategoryItems ci ON ci.ItemResourceId = item_table.ResourceId LEFT JOIN '.TABLE_PREFIX.'Category c ON c.CategoryId = ci.CategoryId WHERE '.$where_clause; Index: trunk/admin/config/edit_template.php =================================================================== diff -u -r3006 -r5431 --- trunk/admin/config/edit_template.php (.../edit_template.php) (revision 3006) +++ trunk/admin/config/edit_template.php (.../edit_template.php) (revision 5431) @@ -21,6 +21,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:configure_themes'); require_once ($pathtoroot.$admin."/include/elements.php"); require_once ($pathtoroot."kernel/admin/include/navmenu.php"); Index: trunk/kernel/units/category_items/category_items_event_handler.php =================================================================== diff -u -r4314 -r5431 --- trunk/kernel/units/category_items/category_items_event_handler.php (.../category_items_event_handler.php) (revision 4314) +++ trunk/kernel/units/category_items/category_items_event_handler.php (.../category_items_event_handler.php) (revision 5431) @@ -9,8 +9,7 @@ */ function OnSetPrimary(&$event) { - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); + $object =& $event->getObject( Array('skip_autoload' => true) ); $this->StoreSelectedIDs($event); $ids=$this->getSelectedIDs($event); if($ids) 
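Review bot: The added `LEFT JOIN '.$cdata_table.' custom_data` is unconditional, while the export path in `getExportSQL()` only adds the custom-data join when there are custom columns to select. For a unit without a `-cdata` configuration `$cdata_table` would presumably be empty and the statement becomes `LEFT JOIN  custom_data ON ...`, which fails for every import lookup, including those that use no `cust_` key. Build the join only when the table is known, e.g. `$cdata_join = $cdata_table ? ' LEFT JOIN '.$cdata_table.' custom_data ON custom_data.ResourceId = item_table.ResourceId' : '';`, and reject `cust_` load keys when it is empty. The surrounding function starts and ends outside the hunk.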
@@ -88,8 +87,7 @@ if(!$category_ids) return false; $item_prefix = $event->getEventParam('item_prefix'); - $this->Application->setUnitOption($item_prefix, 'AutoLoad', false); - $item =& $this->Application->recallObject($item_prefix.'.-item'); + $item =& $this->Application->recallObject($item_prefix.'.-item', null, Array('skip_autoload' => true)); $ci_table = $this->Application->getUnitOption($event->Prefix, 'TableName'); $item_table = $this->Application->getUnitOption($item_prefix, 'TableName'); Index: trunk/core/admin_templates/groups/groups_edit_tabs.tpl =================================================================== diff -u -r4596 -r5431 --- trunk/core/admin_templates/groups/groups_edit_tabs.tpl (.../groups_edit_tabs.tpl) (revision 4596) +++ trunk/core/admin_templates/groups/groups_edit_tabs.tpl (.../groups_edit_tabs.tpl) (revision 5431) @@ -5,7 +5,10 @@ - + + + + Index: trunk/admin/config/addtheme_templates.php =================================================================== diff -u -r3004 -r5431 --- trunk/admin/config/addtheme_templates.php (.../addtheme_templates.php) (revision 3004) +++ trunk/admin/config/addtheme_templates.php (.../addtheme_templates.php) (revision 5431) @@ -19,6 +19,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:configure_themes'); require_once ($pathtoroot.$admin."/include/elements.php"); require_once ($pathtoroot."kernel/admin/include/navmenu.php"); Index: trunk/core/units/general/cat_event_handler.php =================================================================== diff -u -r5340 -r5431 --- trunk/core/units/general/cat_event_handler.php (.../cat_event_handler.php) (revision 5340) +++ trunk/core/units/general/cat_event_handler.php (.../cat_event_handler.php) (revision 5431) 
@@ -120,10 +120,8 @@ $ids_sql = 'SELECT '.$id_field.' FROM '.$table.' WHERE ResourceId IN (%s)'; $resource_ids_sql = 'SELECT ItemResourceId FROM '.TABLE_PREFIX.'CategoryItems WHERE CategoryId = %s AND PrimaryCat = 1'; + $object =& $this->Application->recallObject($event->Prefix.'.item', $event->Prefix, Array('skip_autoload' => true)); - $this->Application->setUnitOption($event->Prefix,'AutoLoad', false); - $object =& $this->Application->recallObject($event->Prefix.'.item', $event->Prefix); - foreach($cat_ids as $source_cat => $dest_cat) { $item_resource_ids = $this->Conn->GetCol( sprintf($resource_ids_sql, $source_cat) ); @@ -135,7 +133,7 @@ $temp =& $this->Application->recallObject($event->getPrefixSpecial().'_TempHandler', 'kTempTablesHandler'); if($item_ids) $temp->CloneItems($event->Prefix, $event->Special, $item_ids); } - $this->Application->setUnitOption($event->Prefix,'AutoLoad', true); + $this->Application->SetVar('m_cat_id', $saved_cat_id); } } Index: trunk/core/units/reviews/reviews_tag_processor.php =================================================================== diff -u -r5219 -r5431 --- trunk/core/units/reviews/reviews_tag_processor.php (.../reviews_tag_processor.php) (revision 5219) +++ trunk/core/units/reviews/reviews_tag_processor.php (.../reviews_tag_processor.php) (revision 5431) @@ -53,7 +53,7 @@ function AlreadyReviewed($params) { $user_id = ($this->Application->GetVar('u_id') == 0) ? -2 : $this->Application->GetVar('u_id'); - $object =& $this->Application->recallObject($this->getPrefixSpecial(),null,array('skip_autoload'=>1)); + $object =& $this->getObject( Array('skip_autoload' => true) ); $product_info = $object->getLinkedInfo(); $sql = ' SELECT * FROM '.TABLE_PREFIX.'SpamControl Index: trunk/globals.php =================================================================== diff -u -r4865 -r5431 --- trunk/globals.php (.../globals.php) (revision 4865) +++ trunk/globals.php (.../globals.php) (revision 5431) 
@@ -249,7 +249,7 @@ Function QueryCount($sql) { $sql = preg_replace('/SELECT(.*)FROM[ \n\r](.*)/is','SELECT COUNT(*) AS TableCount FROM $2', $sql); - $sql = preg_replace('/(.*)LIMIT(.*)/is','$1', $sql); + $sql = preg_replace('/(.*)[ \n\r]LIMIT[ \n\r](.*)/is','$1', $sql); $sql = preg_replace('/(.*)ORDER BY(.*)/is','$1', $sql); //echo $sql; @@ -2077,5 +2077,12 @@ } return true; } + + function checkViewPermission($section_name, $system = 1) + { + $application =& kApplication::Instance(); + $application->InitParser(); + $application->ProcessParsedTag('m', 'RequireLogin', Array('permissions' => $section_name.'.view', 'system' => $system, 'index_file' => 'index.php')); + } ?> Index: trunk/kernel/units/general/inp_db_event_handler.php =================================================================== diff -u -r4712 -r5431 --- trunk/kernel/units/general/inp_db_event_handler.php (.../inp_db_event_handler.php) (revision 4712) +++ trunk/kernel/units/general/inp_db_event_handler.php (.../inp_db_event_handler.php) (revision 5431) @@ -26,9 +26,8 @@ if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { return; } - - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); + + $object =& $event->getObject( Array('skip_autoload' => true) ); $this->StoreSelectedIDs($event); $ids=$this->getSelectedIDs($event); Index: trunk/core/kernel/db/db_event_handler.php =================================================================== diff -u -r5340 -r5431 --- trunk/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 5340) +++ trunk/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 5431) 
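Review bot: The tightened pattern in `QueryCount()` accepts only a space, `\n` or `\r` around `LIMIT`, so a query that separates the keyword with a tab keeps its LIMIT clause and the count comes out wrong. `\s` covers all whitespace: `$sql = preg_replace('/(.*)\sLIMIT\s(.*)/is','$1', $sql);`. The body of `QueryCount()` continues outside the hunk.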
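Review bot: `checkViewPermission()` (hunk `@@ -2077`) is now the only access check on the admin scripts touched by this commit, yet it has no docblock and nothing in its body stops execution; it depends on the `RequireLogin` tag redirecting and ending the request when the check fails. That behaviour is not visible in this diff, so it should be confirmed and written down, for example a docblock saying `Redirects to index.php and terminates the request unless the current user has SECTION.view`. Only `.view` is tested as well: scripts such as adduser.php, edit_banlist.php and the import steps look like edit pages, so if they process form submissions themselves they need the matching `add`/`edit` permission checked before acting on input.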
@@ -787,8 +787,7 @@ */ function OnCreate(&$event) { - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); + $object =& $event->getObject( Array('skip_autoload' => true) ); $items_info = $this->Application->GetVar( $event->getPrefixSpecial(true) ); if($items_info) @@ -824,8 +823,7 @@ */ function OnUpdate(&$event) { - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); + $object =& $event->getObject( Array('skip_autoload' => true) ); $items_info = $this->Application->GetVar( $event->getPrefixSpecial(true) ); if($items_info) @@ -859,8 +857,7 @@ */ function OnDelete(&$event) { - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); + $object =& $event->getObject( Array('skip_autoload' => true) ); $object->ID = $this->getPassedID($event); if( $object->Delete() ) { @@ -881,15 +878,13 @@ */ function OnNew(&$event) { - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); + $object =& $event->getObject( Array('skip_autoload' => true) ); $object->setID(0); $this->Application->SetVar($event->Prefix_Special.'_SaveEvent','OnCreate'); $table_info = $object->getLinkedInfo(); $object->SetDBField($table_info['ForeignKey'], $table_info['ParentId']); - - $this->Application->setUnitOption($event->Prefix,'AutoLoad',true); + $event->redirect = false; } @@ -1046,10 +1041,9 @@ } return; } + + $object =& $event->getObject( Array('skip_autoload' => true) ); - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); - $items_info = $this->Application->GetVar( $event->getPrefixSpecial(true) ); if ($items_info) { foreach ($items_info as $id => $field_values) { 
@@ -1125,10 +1119,8 @@ function OnPreCreate(&$event) { $this->clearSelectedIDs($event); + $object =& $event->getObject( Array('skip_autoload' => true) ); - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); - $temp =& $this->Application->recallObject($event->Prefix.'_TempHandler', 'kTempTablesHandler'); $temp->PrepareEdit(); @@ -1145,12 +1137,10 @@ */ function OnPreSaveCreated(&$event) { - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $items_info = $this->Application->GetVar( $event->getPrefixSpecial(true) ); if($items_info) $field_values = array_shift($items_info); - $object =& $event->getObject(); + $object =& $event->getObject( Array('skip_autoload' => true) ); $object->SetFieldsFromHash($field_values); $this->customProcessing($event, 'before'); Index: trunk/admin/users/adduser_custom.php =================================================================== diff -u -r4077 -r5431 --- trunk/admin/users/adduser_custom.php (.../adduser_custom.php) (revision 4077) +++ trunk/admin/users/adduser_custom.php (.../adduser_custom.php) (revision 5431) @@ -19,6 +19,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:user_list'); require_once ($pathtoroot.$admin."/include/elements.php"); require_once ($pathtoroot."kernel/admin/include/navmenu.php"); Index: trunk/kernel/units/statistics/statistics_tag_processor.php =================================================================== diff -u -r4765 -r5431 --- trunk/kernel/units/statistics/statistics_tag_processor.php (.../statistics_tag_processor.php) (revision 4765) +++ trunk/kernel/units/statistics/statistics_tag_processor.php (.../statistics_tag_processor.php) (revision 5431) 
@@ -214,10 +214,7 @@ function GetTotalPending() { - $sql = 'SELECT Prefix - FROM '.TABLE_PREFIX.'ItemTypes - WHERE LENGTH(ClassName) > 0'; - $prefixes = $this->Conn->GetCol($sql); + $prefixes = $this->getPendingPrefixes(); $sum = 0; foreach ($prefixes as $prefix) { @@ -226,12 +223,18 @@ return $sum; } - function PrintPendingStatistics($params) + function getPendingPrefixes() { $sql = 'SELECT Prefix - FROM '.TABLE_PREFIX.'ItemTypes - WHERE LENGTH(ClassName) > 0'; - $check_prefixes = $this->Conn->GetCol($sql); + FROM '.TABLE_PREFIX.'ItemTypes it + LEFT JOIN '.TABLE_PREFIX.'Modules m ON m.Name = it.Module + WHERE (m.Loaded = 1) AND (LENGTH(it.ClassName) > 0)'; + return $this->Conn->GetCol($sql); + } + + function PrintPendingStatistics($params) + { + $check_prefixes = $this->getPendingPrefixes(); if (!$check_prefixes) { return ''; } Index: trunk/admin/tools/server_info.php =================================================================== diff -u -r2853 -r5431 --- trunk/admin/tools/server_info.php (.../server_info.php) (revision 2853) +++ trunk/admin/tools/server_info.php (.../server_info.php) (revision 5431) @@ -19,6 +19,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:server_info'); require_once ($pathtoroot.$admin."/include/elements.php"); require_once ($pathtoroot."kernel/admin/include/navmenu.php"); Index: trunk/kernel/include/custommetadata.php =================================================================== diff -u -r4816 -r5431 --- trunk/kernel/include/custommetadata.php (.../custommetadata.php) (revision 4816) +++ trunk/kernel/include/custommetadata.php (.../custommetadata.php) (revision 5431) 
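Review bot: `getPendingPrefixes()` joins `Modules` with `LEFT JOIN` but then requires `m.Loaded = 1` in the `WHERE` clause, which discards exactly the rows a left join would have kept, so the query behaves as an inner join. Writing `JOIN` states the intent; if item types without a module row are meant to be included, the condition has to become `(m.Loaded = 1 OR m.Name IS NULL)`. The new helper would also benefit from a one-line docblock such as `Returns prefixes of item types that belong to loaded modules`.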
@@ -118,7 +118,10 @@ function SaveData($main_prefix, $resource_id) { - $ml_formatter =& $this->Application->recallObject('kMultiLanguage'); + // to call OnAfterConfigRead event + $item_table = $this->Application->getUnitOption($main_prefix, 'TableName'); + + $ml_formatter =& $this->Application->recallObject('kMultiLanguage'); $custom_data =& $this->Application->recallObject($main_prefix.'-cdata', null, Array('skip_autoload' => true)); $custom_data->Load($resource_id, 'ResourceId'); Index: trunk/admin/config/config_theme.php =================================================================== diff -u -r3272 -r5431 --- trunk/admin/config/config_theme.php (.../config_theme.php) (revision 3272) +++ trunk/admin/config/config_theme.php (.../config_theme.php) (revision 5431) @@ -19,6 +19,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:configure_themes'); require_once ($pathtoroot.$admin."/include/elements.php"); require_once ($pathtoroot."kernel/admin/include/navmenu.php"); Index: trunk/core/units/stylesheets/stylesheets_event_handler.php =================================================================== diff -u -r1654 -r5431 --- trunk/core/units/stylesheets/stylesheets_event_handler.php (.../stylesheets_event_handler.php) (revision 1654) +++ trunk/core/units/stylesheets/stylesheets_event_handler.php (.../stylesheets_event_handler.php) (revision 5431) 
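Review bot: In `SaveData`, `$item_table` is assigned but not read anywhere in the hunk; going by the comment, the `getUnitOption` call is there only for its side effect. If that holds for the rest of the function (it continues outside the hunk), drop the variable so the next reader does not go looking for its use. The comment should then say what the call is for: `$this->Application->getUnitOption($main_prefix, 'TableName'); // result unused: reading the option triggers OnAfterConfigRead for $main_prefix`.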
@@ -10,8 +10,7 @@ */ function OnCompileStylesheet(&$event) { - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); + $object =& $event->getObject( Array('skip_autoload' => true) ); $object->SwitchToLive(); $ids = explode(',', $event->MasterEvent->getEventParam('ids') ); Index: trunk/core/kernel/db/db_tag_processor.php =================================================================== diff -u -r5340 -r5431 --- trunk/core/kernel/db/db_tag_processor.php (.../db_tag_processor.php) (revision 5340) +++ trunk/core/kernel/db/db_tag_processor.php (.../db_tag_processor.php) (revision 5431) @@ -475,8 +475,7 @@ function AddCurrencySymbol($value, $iso) { - $this->Application->setUnitOption('curr', 'AutoLoad', false); - $currency =& $this->Application->recallObject('curr.-'.$iso); + $currency =& $this->Application->recallObject('curr.-'.$iso, null, Array('skip_autoload' => true)); if( !$currency->isLoaded() ) $currency->Load($iso, 'ISO'); $symbol = $currency->GetDBField('Symbol'); Index: trunk/admin/users/adduser_images.php =================================================================== diff -u -r3282 -r5431 --- trunk/admin/users/adduser_images.php (.../adduser_images.php) (revision 3282) +++ trunk/admin/users/adduser_images.php (.../adduser_images.php) (revision 5431) 
@@ -19,6 +19,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:user_list'); require_once ($pathtoroot.$admin."/include/elements.php"); require_once ($pathtoroot."kernel/admin/include/navmenu.php"); Index: trunk/core/units/users/users_event_handler.php =================================================================== diff -u -r5194 -r5431 --- trunk/core/units/users/users_event_handler.php (.../users_event_handler.php) (revision 5194) +++ trunk/core/units/users/users_event_handler.php (.../users_event_handler.php) (revision 5431) @@ -10,6 +10,9 @@ { parent::mapPermissions(); $permissions = Array( + // admin + 'OnSetPersistantVariable' => Array('self' => 'view'), // because setting to logged in user only + // front 'OnRefreshForm' => Array('self' => true), @@ -101,8 +104,7 @@ */ function OnLogin(&$event) { - $this->Application->setUnitOption($event->Prefix, 'AutoLoad', false); - $object =& $this->Application->recallObject('u'); + $object =& $this->Application->recallObject('u', null, Array('skip_autoload' => true)); $password = $this->Application->GetVar('password'); if(!$password) @@ -260,6 +262,11 @@ { $sync_manager =& $this->Application->recallObjectP('UsersSyncronizeManager', null, Array(), 'InPortalSyncronize'); $sync_manager->performAction('LoginUser', $event->getEventParam('user'), $event->getEventParam('pass') ); + + if ($event->redirect && is_string($event->redirect)) { + // some real template specified instead of true + $this->Application->Redirect($event->redirect, $event->redirect_params); + } } /** @@ -443,7 +450,6 @@ $object =& $event->getObject( Array('skip_autoload' => true) ); $this->Application->SetVar('u_id', $object->getID() ); - $this->Application->setUnitOption('u', 'AutoLoad', true); $this->setNextTemplate($event); 
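Review bot: The added `$this->Application->Redirect($event->redirect, $event->redirect_params);` in the `@@ -260,6 +262,11 @@` hunk sends the user to whatever string `$event->redirect` holds once login synchronisation finishes, and nothing in the hunk shows where that value is set. If any caller fills it from a request variable, it should be checked against the known templates before the redirect, since the destination after login would otherwise be under the control of whoever built the link. The enclosing function starts outside the hunk, so the origin of the value has to be confirmed there. A comment such as `// $event->redirect is set by <caller>, never taken from request input` would record the assumption next to the call.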
@@ -462,8 +468,7 @@ */ function setUserStatus(&$event) { - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); + $object =& $event->getObject( Array('skip_autoload' => true) ); $new_users_allowed = $this->Application->ConfigValue('User_Allow_New'); // 1 - Instant, 2 - Not Allowed, 3 - Pending @@ -579,8 +584,7 @@ */ function OnUpdateAddress(&$event) { - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); + $object =& $event->getObject( Array('skip_autoload' => true) ); $items_info = $this->Application->GetVar( $event->getPrefixSpecial(true) ); if($items_info) @@ -599,10 +603,9 @@ $user_email = $this->Application->GetVar('subscriber_email'); if ( preg_match("/^[_a-zA-Z0-9-\.]+@[a-zA-Z0-9-\.]+\.[a-z]{2,4}$/", $user_email) ){ + + $object = &$this->Application->recallObject($this->Prefix.'.subscriber', null, Array('skip_autoload' => true)); - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object = &$this->Application->recallObject($this->Prefix.'.subscriber'); - $this->Application->StoreVar('SubscriberEmail', $user_email); if( $object->Load(array('Email'=>$user_email)) ){ @@ -635,8 +638,7 @@ function OnSubscribeUser(&$event){ - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object = &$this->Application->recallObject($this->Prefix.'.subscriber'); + $object = &$this->Application->recallObject($this->Prefix.'.subscriber', Array('skip_autoload' => true)); $user_email = $this->Application->RecallVar('SubscriberEmail'); 
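Review bot: In `OnSubscribeUser` the options array is passed as the second argument, `recallObject($this->Prefix.'.subscriber', Array('skip_autoload' => true))`, whereas every other converted call in this commit passes `null` second and the array third, including the one for the same object in the preceding hunk. As written the array most likely lands in the parameter the other calls leave as `null`, so `skip_autoload` is probably not applied. The subscriber object may then auto-load where the removed `setUnitOption($event->Prefix,'AutoLoad',false)` used to prevent it. The line should read `$object = &$this->Application->recallObject($this->Prefix.'.subscriber', null, Array('skip_autoload' => true));`.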
@@ -727,8 +729,7 @@ function OnForgotPassword(&$event){ - $this->Application->setUnitOption('u', 'AutoLoad', false); - $user_object = &$this->Application->recallObject('u.forgot'); + $user_object = &$this->Application->recallObject('u.forgot', null, Array('skip_autoload' => true)); $user_current_object = &$this->Application->recallObject('u'); $username = $this->Application->GetVar('username'); Index: trunk/core/units/admin/admin_config.php =================================================================== diff -u -r5110 -r5431 --- trunk/core/units/admin/admin_config.php (.../admin_config.php) (revision 5110) +++ trunk/core/units/admin/admin_config.php (.../admin_config.php) (revision 5431) @@ -24,7 +24,7 @@ 'icon' => 'site', 'label' => $this->Application->ConfigValue('Site_Name'), 'url' => Array('t' => 'sections_list', 'pass' => 'm', 'pass_section' => true, 'no_amp' => 1), - 'permissions' => Array('view', 'advanced:admin_login', 'advanced:front_login'), + 'permissions' => Array('advanced:admin_login', 'advanced:front_login'), 'priority' => 0, 'type' => stTREE, ), Index: trunk/admin/logs/session_list.php =================================================================== diff -u -r3887 -r5431 --- trunk/admin/logs/session_list.php (.../session_list.php) (revision 3887) +++ trunk/admin/logs/session_list.php (.../session_list.php) (revision 5431) 
@@ -19,6 +19,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:sessionlog'); //admin only includes require_once ($pathtoroot.$admin."/include/elements.php"); Fisheye: Tag 5431 refers to a dead (removed) revision in file `trunk/admin/install/upgrades/readme_1_1_9.txt'. Fisheye: No comparison available. Pass `N' to diff? Index: trunk/admin/install/upgrades/changelog_1_2_0.txt =================================================================== diff -u -r5289 -r5431 --- trunk/admin/install/upgrades/changelog_1_2_0.txt (.../changelog_1_2_0.txt) (revision 5289) +++ trunk/admin/install/upgrades/changelog_1_2_0.txt (.../changelog_1_2_0.txt) (revision 5431) @@ -1,6 +1,7 @@ File in-portal/globals.php changed File in-portal/index.php changed File in-portal/admin/addreview_direct.php changed +File in-portal/admin/advanced_view.php changed File in-portal/admin/browse.php changed File in-portal/admin/head.php is removed; release_1_1_8 revision 1.12 File in-portal/admin/index.php changed 
@@ -9,16 +10,32 @@ File in-portal/admin/install.php changed File in-portal/admin/login.php is removed; release_1_1_8 revision 1.6 File in-portal/admin/relation_select.php changed +File in-portal/admin/reviews.php changed +File in-portal/admin/tag_listing.php changed +File in-portal/admin/backup/backup1.php changed +File in-portal/admin/backup/backup2.php changed +File in-portal/admin/backup/backup3.php changed +File in-portal/admin/backup/export1.php changed +File in-portal/admin/backup/restore1.php changed +File in-portal/admin/backup/restore2.php changed +File in-portal/admin/backup/restore3.php changed +File in-portal/admin/backup/restore4.php changed File in-portal/admin/category/addcategory.php changed File in-portal/admin/category/addcategory_permissions.php changed File in-portal/admin/category/addimage.php changed File in-portal/admin/category/category_items.php is new; release_1_2_0 revision 1.4 File in-portal/admin/category/permcacheupdate.php changed File in-portal/admin/config/addtheme.php changed +File in-portal/admin/config/addtheme_templates.php changed File in-portal/admin/config/config_general.php is removed; release_1_1_8 revision 1.3 +File in-portal/admin/config/config_theme.php changed +File in-portal/admin/config/edit_banlist.php changed File in-portal/admin/config/edit_config.php is removed; release_1_1_8 revision 1.9 +File in-portal/admin/config/edit_template.php changed File in-portal/admin/config/email_edit.php changed File in-portal/admin/config/module_email.php is removed; release_1_1_8 revision 1.13 +File in-portal/admin/email/do_send.php changed +File in-portal/admin/help/manual.pdf changed File in-portal/admin/icons/icon24_advanced_view.gif is removed; release_1_1_8 revision 1.2 File in-portal/admin/icons/icon24_reviews.gif is removed; release_1_1_8 revision 1.1 File in-portal/admin/icons/icon24_server_info.gif is removed; release_1_1_8 revision 1.1 
@@ -37,6 +54,10 @@ File in-portal/admin/icons/icon46_list_settings_search.gif is removed; release_1_1_8 revision 1.1 File in-portal/admin/icons/icon46_list_validate.gif is removed; release_1_1_8 revision 1.1 File in-portal/admin/icons/icon46_user_settings.gif is removed; release_1_1_8 revision 1.1 +File in-portal/admin/import/step1.php changed +File in-portal/admin/import/step2.php changed +File in-portal/admin/import/step3.php changed +File in-portal/admin/import/step4.php changed File in-portal/admin/include/elements.php changed File in-portal/admin/include/mainscript.js changed File in-portal/admin/include/mainscript.php changed @@ -47,9 +68,15 @@ File in-portal/admin/install/install_lib.php changed File in-portal/admin/install/prerequisit_errors.php changed File in-portal/admin/install/langpacks/english.lang changed -File in-portal/admin/install/upgrades/changelog_1_2_0.txt is new; release_1_2_0 revision 1.1.2.1 -File in-portal/admin/install/upgrades/inportal_upgrade_v1.2.0.sql is new; release_1_2_0 revision 1.3.2.3 -File in-portal/admin/install/upgrades/readme_1_1_9.txt is new; release_1_2_0 revision 1.1 +File in-portal/admin/install/upgrades/changelog_1_2_0.txt is new; release_1_2_0 revision 1.1.2.6 +File in-portal/admin/install/upgrades/inportal_upgrade_v1.2.0.sql is new; release_1_2_0 revision 1.3.2.6 +File in-portal/admin/install/upgrades/readme_1_2_0.txt is new; release_1_2_0 revision 1.1.2.1 +File in-portal/admin/logs/email_log.php changed +File in-portal/admin/logs/searchlog.php changed +File in-portal/admin/logs/session_list.php changed +File in-portal/admin/logs/summary.php changed +File in-portal/admin/modules/addmodule.php changed +File in-portal/admin/tools/server_info.php changed File in-portal/admin/tools/sql_query.php changed File in-portal/admin/tools/sql_result.php changed File in-portal/admin/tree/ftiens4.js is removed; release_1_1_8 revision 1.2 
@@ -70,9 +97,19 @@ File in-portal/admin/users/addgroup.php is removed; release_1_1_8 revision 1.11.20.1 File in-portal/admin/users/addgroup_permissions.php is removed; release_1_1_8 revision 1.8 File in-portal/admin/users/addgroup_users.php is removed; release_1_1_8 revision 1.15.32.1 +File in-portal/admin/users/addrule.php changed +File in-portal/admin/users/adduser.php changed +File in-portal/admin/users/adduser_custom.php changed +File in-portal/admin/users/adduser_groups.php changed +File in-portal/admin/users/adduser_images.php changed +File in-portal/admin/users/adduser_items.php changed +File in-portal/admin/users/adduser_permissions.php changed +File in-portal/admin/users/banuser.php changed File in-portal/admin/users/group_addpermission.php is removed; release_1_1_8 revision 1.9 File in-portal/admin/users/user_addimage.php changed +File in-portal/admin/users/user_addpermission.php changed File in-portal/admin/users/user_editgroup.php changed +File in-portal/admin/users/user_list.php changed File in-portal/kernel/action.php changed File in-portal/kernel/constants.php changed File in-portal/kernel/frontaction.php changed @@ -91,6 +128,7 @@ File in-portal/kernel/admin/include/summary/root.php changed File in-portal/kernel/admin/include/toolbar/advanced_view.php changed File in-portal/kernel/admin/include/toolbar/browse.php changed +File in-portal/kernel/admin/include/toolbar/configure_users.php is removed; release_1_1_8 revision 1.1 File in-portal/kernel/admin/include/toolbar/editcategory_relationselect.php changed File in-portal/kernel/admin_templates/category_selector.tpl changed File in-portal/kernel/admin_templates/head.tpl is new; release_1_2_0 revision 1.4 
@@ -111,11 +149,11 @@ File in-portal/kernel/admin_templates/custom_fields/custom_fields_edit.tpl changed File in-portal/kernel/admin_templates/custom_fields/custom_fields_list.tpl changed File in-portal/kernel/admin_templates/groups/groups_edit.tpl is new; release_1_2_0 revision 1.3 -File in-portal/kernel/admin_templates/groups/groups_edit_permissions.tpl is new; release_1_2_0 revision 1.8 -File in-portal/kernel/admin_templates/groups/groups_edit_tabs.tpl is new; release_1_2_0 revision 1.1 +File in-portal/kernel/admin_templates/groups/groups_edit_permissions.tpl is new; release_1_2_0 revision 1.8.2.1 +File in-portal/kernel/admin_templates/groups/groups_edit_tabs.tpl is new; release_1_2_0 revision 1.1.2.1 File in-portal/kernel/admin_templates/groups/groups_edit_users.tpl is new; release_1_2_0 revision 1.4 File in-portal/kernel/admin_templates/groups/groups_list.tpl is new; release_1_2_0 revision 1.3 -File in-portal/kernel/admin_templates/groups/permissions_selector.tpl is new; release_1_2_0 revision 1.7 +File in-portal/kernel/admin_templates/groups/permissions_selector.tpl is new; release_1_2_0 revision 1.7.2.1 File in-portal/kernel/admin_templates/img/globe.gif changed File in-portal/kernel/admin_templates/img/logo.gif changed File in-portal/kernel/admin_templates/img/icons/icon24_advanced_view.gif is new; release_1_2_0 revision 1.1 @@ -232,6 +270,7 @@ File in-portal/kernel/include/debugger.php changed File in-portal/kernel/include/emailmessage.php changed File in-portal/kernel/include/image.php changed +File in-portal/kernel/include/item.php changed File in-portal/kernel/include/itemtypes.php changed File in-portal/kernel/include/modules.php changed File in-portal/kernel/include/parse.php changed 
@@ -249,8 +288,8 @@ File in-portal/kernel/module_help/tree_site.txt is new; release_1_2_0 revision 1.1 File in-portal/kernel/module_help/tree_system.txt is new; release_1_2_0 revision 1.1 File in-portal/kernel/module_help/tree_users.txt is new; release_1_2_0 revision 1.1 -File in-portal/kernel/units/admin/admin_config.php is new; release_1_2_0 revision 1.12 -File in-portal/kernel/units/admin/admin_tag_processor.php is new; release_1_2_0 revision 1.17 +File in-portal/kernel/units/admin/admin_config.php is new; release_1_2_0 revision 1.12.2.1 +File in-portal/kernel/units/admin/admin_tag_processor.php is new; release_1_2_0 revision 1.17.2.1 File in-portal/kernel/units/categories/categories_config.php changed File in-portal/kernel/units/categories/categories_event_handler.php changed File in-portal/kernel/units/categories/categories_item.php changed @@ -271,6 +310,7 @@ File in-portal/kernel/units/custom_fields/custom_fields_event_handler.php changed File in-portal/kernel/units/email_events/email_events_event_handler.php changed File in-portal/kernel/units/general/cat_dbitem.php changed +File in-portal/kernel/units/general/cat_dbitem_export.php changed File in-portal/kernel/units/general/cat_event_handler.php changed File in-portal/kernel/units/general/custom_fields.php changed File in-portal/kernel/units/general/general_config.php changed 
@@ -283,9 +323,9 @@ File in-portal/kernel/units/general/helpers/mod_rewrite_helper.php is new; release_1_2_0 revision 1.2 File in-portal/kernel/units/general/helpers/modules.php is new; release_1_2_0 revision 1.5 File in-portal/kernel/units/general/helpers/multilanguage.php changed -File in-portal/kernel/units/general/helpers/permissions_helper.php is new; release_1_2_0 revision 1.8.2.2 +File in-portal/kernel/units/general/helpers/permissions_helper.php is new; release_1_2_0 revision 1.8.2.4 File in-portal/kernel/units/general/helpers/sections_helper.php is new; release_1_2_0 revision 1.6 -File in-portal/kernel/units/groups/groups_config.php is new; release_1_2_0 revision 1.8.2.1 +File in-portal/kernel/units/groups/groups_config.php is new; release_1_2_0 revision 1.8.2.2 File in-portal/kernel/units/groups/groups_event_handler.php is new; release_1_2_0 revision 1.1 File in-portal/kernel/units/groups/groups_item.php is new; release_1_2_0 revision 1.1.2.1 File in-portal/kernel/units/help/help_tag_processor.php changed @@ -301,7 +341,7 @@ File in-portal/kernel/units/modules/modules_event_handler.php changed File in-portal/kernel/units/modules/modules_tag_processor.php changed File in-portal/kernel/units/permissions/permissions_config.php is new; release_1_2_0 revision 1.2 -File in-portal/kernel/units/permissions/permissions_event_handler.php is new; release_1_2_0 revision 1.1 +File in-portal/kernel/units/permissions/permissions_event_handler.php is new; release_1_2_0 revision 1.1.2.1 File in-portal/kernel/units/permissions/permissions_tag_processor.php is new; release_1_2_0 revision 1.1 File in-portal/kernel/units/phrases/phrases_config.php changed File in-portal/kernel/units/relationship/relationship_config.php is new; release_1_2_0 revision 1.2 
@@ -361,11 +401,11 @@ File kernel4_dev/kernel4/utility/debugger/debugger.js is new; release_1_2_0 revision 1.5 File kernel4_dev/kernel4/utility/debugger/debugger_responce.php is new; release_1_2_0 revision 1.2 File kernel4_dev/kernel4/utility/formatters/ccdate_formatter.php is new; release_1_2_0 revision 1.1 -File kernel4_dev/kernel4/utility/formatters/date_formatter.php is new; release_1_2_0 revision 1.1 +File kernel4_dev/kernel4/utility/formatters/date_formatter.php is new; release_1_2_0 revision 1.1.2.1 File kernel4_dev/kernel4/utility/formatters/filesize_formatter.php is new; release_1_2_0 revision 1.1 File kernel4_dev/kernel4/utility/formatters/formatter.php is new; release_1_2_0 revision 1.1 File kernel4_dev/kernel4/utility/formatters/formatters_config.php is new; release_1_2_0 revision 1.3 -File kernel4_dev/kernel4/utility/formatters/left_formatter.php is new; release_1_2_0 revision 1.1 +File kernel4_dev/kernel4/utility/formatters/left_formatter.php is new; release_1_2_0 revision 1.1.2.1 File kernel4_dev/kernel4/utility/formatters/multilang_formatter.php is new; release_1_2_0 revision 1.1 File kernel4_dev/kernel4/utility/formatters/options_formatter.php is new; release_1_2_0 revision 1.1 File kernel4_dev/kernel4/utility/formatters/password_formatter.php is new; release_1_2_0 revision 1.1 Index: trunk/admin/users/user_list.php =================================================================== diff -u -r2853 -r5431 --- trunk/admin/users/user_list.php (.../user_list.php) (revision 2853) +++ trunk/admin/users/user_list.php (.../user_list.php) (revision 5431) 
@@ -20,6 +20,8 @@ require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:user_list'); + require_login(); $pathtolocal = $pathtoroot."kernel/"; Index: trunk/admin/backup/backup1.php =================================================================== diff -u -r3282 -r5431 --- trunk/admin/backup/backup1.php (.../backup1.php) (revision 3282) +++ trunk/admin/backup/backup1.php (.../backup1.php) (revision 5431) @@ -6,6 +6,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:backup'); $pathtolocal = $pathtoroot."kernel/"; require_once ($pathtoroot."admin/include/elements.php"); Index: trunk/kernel/units/general/helpers/permissions_helper.php =================================================================== diff -u -r5325 -r5431 --- trunk/kernel/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 5325) +++ trunk/kernel/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 5431) @@ -276,6 +276,10 @@ $redirect_params = $this->Application->isDebugMode() ? Array('from_template' => 1, 'perms' => $params[ isset($params['permissions']) ? 'permissions' : 'perm_event'], 'next_template' => $t) : Array(); } + if (isset($params['index_file']) && $params['index_file']) { + $redirect_params['index_file'] = $params['index_file']; + } + return Array($redirect_template, $redirect_params); } Index: trunk/kernel/units/relationship/relationship_event_handler.php =================================================================== diff -u -r5373 -r5431 --- trunk/kernel/units/relationship/relationship_event_handler.php (.../relationship_event_handler.php) (revision 5373) +++ trunk/kernel/units/relationship/relationship_event_handler.php (.../relationship_event_handler.php) (revision 5431) 
@@ -22,8 +22,7 @@ */ function OnAddRelation(&$event) { - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); + $object =& $event->getObject( Array('skip_autoload' => true) ); $table_info = $object->getLinkedInfo(); $main_item_type = $this->Application->getUnitOption($table_info['ParentPrefix'],'ItemType'); Index: trunk/admin/backup/backup2.php =================================================================== diff -u -r2853 -r5431 --- trunk/admin/backup/backup2.php (.../backup2.php) (revision 2853) +++ trunk/admin/backup/backup2.php (.../backup2.php) (revision 5431) @@ -6,6 +6,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:backup'); $pathtolocal = $pathtoroot."kernel/"; require_once ($pathtoroot."admin/include/elements.php"); Index: trunk/kernel/units/email_events/email_events_event_handler.php =================================================================== diff -u -r5248 -r5431 --- trunk/kernel/units/email_events/email_events_event_handler.php (.../email_events_event_handler.php) (revision 5248) +++ trunk/kernel/units/email_events/email_events_event_handler.php (.../email_events_event_handler.php) (revision 5431) @@ -120,10 +120,8 @@ $to_user_id = $event->getEventParam('EmailEventToUserId'); $email_event_type = $event->getEventParam('EmailEventType'); - - $this->Application->setUnitOption('emailmessages', 'AutoLoad', false); - $message_object = &$this->Application->recallObject('emailmessages'); - + + $message_object = &$this->Application->recallObject('emailmessages', null, Array('skip_autoload' => true)); $event_table = $this->Application->getUnitOption('emailevents', 'TableName'); $event_object = &$event->getObject(); 
@@ -154,23 +152,20 @@ $message_object->Load(array('EventId' => $event_id, 'LanguageId' => $this->Application->GetVar('m_lang'))); $message_type = $message_object->GetDBField('MessageType'); + $email_object = &$this->Application->recallObject('kEmailMessage'); + $email_object->Clear(); + // add footer: begin $sql = 'SELECT em.Template FROM '.$message_object->TableName.' em LEFT JOIN '.TABLE_PREFIX.'Events e ON e.EventId = em.EventId WHERE em.LanguageId = '.$message_object->GetDBField('LanguageId').' AND e.Event = "COMMON.FOOTER"'; $footer = explode("\n\n", $this->Conn->GetOne($sql)); - $footer = $message_object->GetDBField('MessageType') == 'text' ? strip_tags($footer[1]) : $footer[1]; + $footer = $message_object->GetDBField('MessageType') == 'text' ? $email_object->convertHTMLtoPlain($footer[1]) : $footer[1]; $message_template = $message_object->GetDBField('Template')."\r\n".$footer; // add footer: end - $email_object = &$this->Application->recallObject('kEmailMessage'); - $email_object->Clear(); - - $old_autoload = $this->Application->getUnitOption('u', 'AutoLoad'); - $this->Application->setUnitOption('u', 'AutoLoad', false); - - $from_user_object = &$this->Application->recallObject('u.-email'.$from_user_id); + $from_user_object = &$this->Application->recallObject('u.-email'.$from_user_id, null, Array('skip_autoload' => true)); $from_user_object->Load($from_user_id); // here if we don't have from_user loaded, it takes a default user from config values if ( $from_user_object->IsLoaded() ) { 
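Review bot: The changed footer line reads `$footer[1]` straight after `explode("\n\n", $this->Conn->GetOne($sql))`, so it assumes a COMMON.FOOTER template exists for the message language and contains a blank-line separator. When the query returns nothing, or the template has no such separator, index 1 is missing and the message is assembled with an empty footer and a PHP notice. Guard it before the conversion with `$footer_body = isset($footer[1]) ? $footer[1] : '';` and use `$footer_body` in place of `$footer[1]` on the changed line. The enclosing function starts and ends outside the hunk.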
@@ -181,13 +176,11 @@ $from_user_email = $this->Application->ConfigValue('Smtp_AdminMailFrom'); } - $to_user_object = &$this->Application->recallObject('u.-email'.$to_user_id); + $to_user_object = &$this->Application->recallObject('u.-email'.$to_user_id, null, Array('skip_autoload' => true)); $to_user_object->Load($to_user_id); $to_user_email = $to_user_object->GetDBField('Email'); $to_user_name = trim($to_user_object->GetDBField('FirstName').' '.$to_user_object->GetDBField('LastName')); - $this->Application->setUnitOption('u', 'AutoLoad', $old_autoload); - if($direct_send_params){ $to_user_email = ( $direct_send_params['to_email'] ? $direct_send_params['to_email'] : $to_user_email ); $to_user_name = ( $direct_send_params['to_name'] ? $direct_send_params['to_name'] : $to_user_name ); Index: trunk/admin/users/user_addpermission.php =================================================================== diff -u -r2853 -r5431 --- trunk/admin/users/user_addpermission.php (.../user_addpermission.php) (revision 2853) +++ trunk/admin/users/user_addpermission.php (.../user_addpermission.php) (revision 5431) @@ -19,6 +19,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:user_list'); require_once ($pathtoroot.$admin."/include/elements.php"); require_once ($pathtoroot."kernel/admin/include/navmenu.php"); Index: trunk/admin/backup/backup3.php =================================================================== diff -u -r2853 -r5431 --- trunk/admin/backup/backup3.php (.../backup3.php) (revision 2853) +++ trunk/admin/backup/backup3.php (.../backup3.php) (revision 5431) 
@@ -6,6 +6,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:backup'); $pathtolocal = $pathtoroot."kernel/"; require_once ($pathtoroot."admin/include/elements.php"); Index: trunk/admin/help/manual.pdf =================================================================== diff -u -r4712 -r5431 Binary files differ Index: trunk/core/units/category_items/category_items_event_handler.php =================================================================== diff -u -r4314 -r5431 --- trunk/core/units/category_items/category_items_event_handler.php (.../category_items_event_handler.php) (revision 4314) +++ trunk/core/units/category_items/category_items_event_handler.php (.../category_items_event_handler.php) (revision 5431) @@ -9,8 +9,7 @@ */ function OnSetPrimary(&$event) { - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); + $object =& $event->getObject( Array('skip_autoload' => true) ); $this->StoreSelectedIDs($event); $ids=$this->getSelectedIDs($event); if($ids) 
@@ -88,8 +87,7 @@ if(!$category_ids) return false; $item_prefix = $event->getEventParam('item_prefix'); - $this->Application->setUnitOption($item_prefix, 'AutoLoad', false); - $item =& $this->Application->recallObject($item_prefix.'.-item'); + $item =& $this->Application->recallObject($item_prefix.'.-item', null, Array('skip_autoload' => true)); $ci_table = $this->Application->getUnitOption($event->Prefix, 'TableName'); $item_table = $this->Application->getUnitOption($item_prefix, 'TableName'); Index: trunk/core/units/general/inp_db_event_handler.php =================================================================== diff -u -r4712 -r5431 --- trunk/core/units/general/inp_db_event_handler.php (.../inp_db_event_handler.php) (revision 4712) +++ trunk/core/units/general/inp_db_event_handler.php (.../inp_db_event_handler.php) (revision 5431) @@ -26,9 +26,8 @@ if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { return; } - - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); + + $object =& $event->getObject( Array('skip_autoload' => true) ); $this->StoreSelectedIDs($event); $ids=$this->getSelectedIDs($event); Index: trunk/kernel/include/modlist.php =================================================================== diff -u -r3815 -r5431 --- trunk/kernel/include/modlist.php (.../modlist.php) (revision 3815) +++ trunk/kernel/include/modlist.php (.../modlist.php) (revision 5431) 
@@ -39,7 +39,7 @@ function LoadModules() { $this->Clear(); - return $this->Query_Item("SELECT * FROM ".$this->SourceTable); + return $this->Query_Item('SELECT * FROM '.$this->SourceTable.' WHERE Loaded = 1'); } function &FindModule($fieldname, $value) Index: trunk/admin/users/user_editgroup.php =================================================================== diff -u -r4645 -r5431 --- trunk/admin/users/user_editgroup.php (.../user_editgroup.php) (revision 4645) +++ trunk/admin/users/user_editgroup.php (.../user_editgroup.php) (revision 5431) @@ -19,6 +19,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:user_list'); /* set the destination of the image upload, relative to the root path */ $DestDir = 'kernel/images/'; Index: trunk/admin/users/addrule.php =================================================================== diff -u -r2853 -r5431 --- trunk/admin/users/addrule.php (.../addrule.php) (revision 2853) +++ trunk/admin/users/addrule.php (.../addrule.php) (revision 5431) @@ -19,6 +19,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:user_banlist'); require_once ($pathtoroot.$admin."/include/elements.php"); require_once ($pathtoroot."kernel/admin/include/navmenu.php"); Index: trunk/kernel/units/permissions/permissions_event_handler.php =================================================================== diff -u -r5326 -r5431 --- trunk/kernel/units/permissions/permissions_event_handler.php (.../permissions_event_handler.php) (revision 5326) +++ trunk/kernel/units/permissions/permissions_event_handler.php (.../permissions_event_handler.php) (revision 5431) 
@@ -3,6 +3,19 @@ class PermissionsEventHandler extends InpDBEventHandler { /** + * Allows to override standart permission mapping + * + */ + function mapPermissions() + { + parent::mapPermissions(); + $permissions = Array( + 'OnGroupSavePermissions' => Array('subitem' => 'advanced:manage_permissions'), + ); + $this->permMapping = array_merge($this->permMapping, $permissions); + } + + /** * Save category permissions * * @param kEvent $event @@ -70,6 +83,11 @@ */ function OnGroupSavePermissions(&$event) { + if (!$this->Application->CheckPermission('in-portal:user_groups.advanced:manage_permissions', 1)) { + // no permission to save permissions + return false; + } + $permissions = $this->Application->GetVar($event->getPrefixSpecial(true)); if (!$permissions) { return false; Index: trunk/core/units/statistics/statistics_tag_processor.php =================================================================== diff -u -r4765 -r5431 --- trunk/core/units/statistics/statistics_tag_processor.php (.../statistics_tag_processor.php) (revision 4765) +++ trunk/core/units/statistics/statistics_tag_processor.php (.../statistics_tag_processor.php) (revision 5431) @@ -214,10 +214,7 @@ function GetTotalPending() { - $sql = 'SELECT Prefix - FROM '.TABLE_PREFIX.'ItemTypes - WHERE LENGTH(ClassName) > 0'; - $prefixes = $this->Conn->GetCol($sql); + $prefixes = $this->getPendingPrefixes(); $sum = 0; foreach ($prefixes as $prefix) { 
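Review bot: The new guard at the top of `OnGroupSavePermissions()` returns `false` without marking the event as failed or recording the denial, so a rejected attempt to change group permissions looks the same as an empty submission (the `if (!$permissions) return false;` just below) and leaves no audit trail. The permission name is also spelled out twice, once as `'advanced:manage_permissions'` in `mapPermissions()` and once as the full string in the handler, and the two can drift apart. I would keep one source of truth and document the guard, for example `// defence in depth: mapPermissions() already maps this event; a denial here should set the event's failure status and be logged`. The identical hunks for core/units/permissions/permissions_event_handler.php later in this diff need the same treatment. The handler body continues outside the hunk.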
@@ -226,12 +223,18 @@ return $sum; } - function PrintPendingStatistics($params) + function getPendingPrefixes() { $sql = 'SELECT Prefix - FROM '.TABLE_PREFIX.'ItemTypes - WHERE LENGTH(ClassName) > 0'; - $check_prefixes = $this->Conn->GetCol($sql); + FROM '.TABLE_PREFIX.'ItemTypes it + LEFT JOIN '.TABLE_PREFIX.'Modules m ON m.Name = it.Module + WHERE (m.Loaded = 1) AND (LENGTH(it.ClassName) > 0)'; + return $this->Conn->GetCol($sql); + } + + function PrintPendingStatistics($params) + { + $check_prefixes = $this->getPendingPrefixes(); if (!$check_prefixes) { return ''; } Index: trunk/kernel/admin_templates/incs/export.js =================================================================== diff -u -r5030 -r5431 --- trunk/kernel/admin_templates/incs/export.js (.../export.js) (revision 5030) +++ trunk/kernel/admin_templates/incs/export.js (.../export.js) (revision 5431) @@ -74,7 +74,12 @@ } else { // alert('progress: '+$progress+' ('+$http_request.responseText+')'); - alert($phrase_ResponceError); + if (typeof($Debugger) != 'undefined') { + alert('DEBUG_MODE: error in ajax responce' + "\n" + $http_request.responseText); + } + else { + alert($phrase_ResponceError); + } } } } Index: trunk/kernel/admin_templates/groups/permissions_selector.tpl =================================================================== diff -u -r5331 -r5431 --- trunk/kernel/admin_templates/groups/permissions_selector.tpl (.../permissions_selector.tpl) (revision 5331) +++ trunk/kernel/admin_templates/groups/permissions_selector.tpl (.../permissions_selector.tpl) (revision 5431) @@ -1,4 +1,4 @@ - + Index: trunk/admin/tag_listing.php =================================================================== diff -u -r3001 -r5431 --- trunk/admin/tag_listing.php (.../tag_listing.php) (revision 3001) +++ trunk/admin/tag_listing.php (.../tag_listing.php) (revision 5431) 
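Review bot: In `getPendingPrefixes()` the `LEFT JOIN` on Modules is followed by `WHERE (m.Loaded = 1)`, which discards every row without a matching module, so the query behaves as an inner join and the join type misstates the intent. Writing `INNER JOIN '.TABLE_PREFIX.'Modules m ON m.Name = it.Module` and selecting `it.Prefix` instead of the unqualified `Prefix` makes the filter explicit and avoids an ambiguous column if both tables carry a field of that name. The helper also lacks a doc comment; something like `// prefixes of item types whose owning module is loaded` would help, since `GetTotalPending()` and `PrintPendingStatistics()` now both depend on it.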
@@ -6,6 +6,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:tag_library'); include_once($pathtoroot."kernel/include/tag-class.php"); Index: trunk/admin/advanced_view.php =================================================================== diff -u -r4243 -r5431 --- trunk/admin/advanced_view.php (.../advanced_view.php) (revision 4243) +++ trunk/admin/advanced_view.php (.../advanced_view.php) (revision 5431) @@ -20,6 +20,7 @@ } $start = k4getmicrotime(); +define('ADVANCED_VIEW', 1); // new startup: begin define('REL_PATH', 'admin'); @@ -28,6 +29,7 @@ require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:advanced_view'); define('REQUIRE_LAYER_HEADER', 1); $b_topmargin = "0"; //$b_header_addon = "

"; Index: trunk/admin/tools/sql_query.php =================================================================== diff -u -r5289 -r5431 --- trunk/admin/tools/sql_query.php (.../sql_query.php) (revision 5289) +++ trunk/admin/tools/sql_query.php (.../sql_query.php) (revision 5431) @@ -19,6 +19,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:sql_query'); require_once ($pathtoroot.$admin."/include/elements.php"); require_once ($pathtoroot."kernel/admin/include/navmenu.php"); Index: trunk/admin/install/langpacks/english.lang =================================================================== diff -u -r5326 -r5431 --- trunk/admin/install/langpacks/english.lang (.../english.lang) (revision 5326) +++ trunk/admin/install/langpacks/english.lang (.../english.lang) (revision 5431) 
@@ -2228,7 +2228,7 @@ WC1Qcmlvcml0eTogMQ0KWC1NU01haWwtUHJpb3JpdHk6IEhpZ2gNClgtTWFpbGVyOiBJbi1Qb3J0YWwKU3ViamVjdDogQSBjYXRlZ29yeSBoYXMgYmVlbiBkZW5pZWQKCkEgY2F0ZWdvcnkgIjxpbnA6bV9jYXRlZ29yeV9maWVsZCBfRmllbGQ9Ik5hbWUiIF9TdHJpcEhUTUw9IjEiLz4iIGhhcyBiZWVuIGRlbmllZC4= WC1Qcmlvcml0eTogMQ0KWC1NU01haWwtUHJpb3JpdHk6IEhpZ2gNClgtTWFpbGVyOiBJbi1Qb3J0YWwKU3ViamVjdDogQSBjYXRlZ29yeSBoYXMgYmVlbiBtb2RpZmllZAoKWW91ciBzdWdnZXN0ZWQgY2F0ZWdvcnkgIjxpbnA6bV9jYXRlZ29yeV9maWVsZCBfRmllbGQ9Ik5hbWUiIF9TdHJpcEhUTUw9IjEiLz4iIGhhcyBiZWVuIG1vZGlmaWVkLg== WC1Qcmlvcml0eTogMQ0KWC1NU01haWwtUHJpb3JpdHk6IEhpZ2gNClgtTWFpbGVyOiBJbi1Qb3J0YWwKU3ViamVjdDogQSBjYXRlZ29yeSBoYXMgYmVlbiBtb2RpZmllZAoKQSBjYXRlZ29yeSAiPGlucDptX2NhdGVnb3J5X2ZpZWxkIF9GaWVsZD0iTmFtZSIgX1N0cmlwSFRNTD0iMSIvPiIgaGFzIGJlZW4gbW9kaWZpZWQu - WC1Qcmlvcml0eTogMQpYLU1TTWFpbC1Qcmlvcml0eTogSGlnaApYLU1haWxlcjogSW4tUG9ydGFsClN1YmplY3Q6IENvbW1vbiBGb290ZXIgVGVtcGxhdGUKCjxiciAvPi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08YnIgLz48YnIgLz5CZXN0IFJlZ2FyZHM8YnIgLz5ieSBJbi1Qb3J0YWw8YnIgLz4= + WC1Qcmlvcml0eTogMQpYLU1TTWFpbC1Qcmlvcml0eTogSGlnaApYLU1haWxlcjogSW4tUG9ydGFsClN1YmplY3Q6IENvbW1vbiBGb290ZXIgVGVtcGxhdGUKCg== WC1Qcmlvcml0eTogMQ0KWC1NU01haWwtUHJpb3JpdHk6IEhpZ2gNClgtTWFpbGVyOiBJbi1Qb3J0YWwKU3ViamVjdDogSW4tcG9ydGFsIHJlZ2lzdHJhdGlvbgoKRGVhciA8aW5wOnRvdXNlciBfRmllbGQ9IkZpcnN0TmFtZSIgLz4gPGlucDp0b3VzZXIgX0ZpZWxkPSJMYXN0TmFtZSIgLz4sDQoNClRoYW5rIHlvdSBmb3IgcmVnaXN0ZXJpbmcgb24gPGlucDptX3BhZ2VfdGl0bGUgLz4uIFlvdXIgcmVnaXN0cmF0aW9uIGlzIG5vdyBhY3RpdmUu WC1Qcmlvcml0eTogMQpYLU1TTWFpbC1Qcmlvcml0eTogSGlnaApYLU1haWxlcjogSW4tUG9ydGFsClN1YmplY3Q6IE5ldyB1c2VyIGhhcyBiZWVuIGFkZGVkCgpBIG5ldyB1c2VyICI8aW5wOnRvdXNlciBfRmllbGQ9IkxvZ2luIiAvPiIgaGFzIGJlZW4gYWRkZWQu 
WC1Qcmlvcml0eTogMQpYLU1TTWFpbC1Qcmlvcml0eTogSGlnaApYLU1haWxlcjogSW4tUG9ydGFsClN1YmplY3Q6IEluLVBvcnRhbCBSZWdpc3RyYXRpb24KCkRlYXIgPGlucDp0b3VzZXIgX0ZpZWxkPSJGaXJzdE5hbWUiIC8+IDxpbnA6dG91c2VyIF9GaWVsZD0iTGFzdE5hbWUiIC8+LA0KDQpUaGFuayB5b3UgZm9yIHJlZ2lzdGVyaW5nIG9uIDxpbnA6bV9wYWdlX3RpdGxlIC8+LiBZb3VyIHJlZ2lzdHJhdGlvbiB3aWxsIGJlIGFjdGl2ZSBhZnRlciBhcHByb3ZhbC4= Index: trunk/kernel/units/languages/import_xml.php =================================================================== diff -u -r4782 -r5431 --- trunk/kernel/units/languages/import_xml.php (.../import_xml.php) (revision 4782) +++ trunk/kernel/units/languages/import_xml.php (.../import_xml.php) (revision 5431) @@ -80,8 +80,7 @@ $this->Application->SetVar('lang_mode', 't'); $this->tables['lang'] = $this->prepareTempTable('lang'); - $this->Application->setUnitOption('lang','AutoLoad',false); - $this->lang_object =& $this->Application->recallObject('lang.imp'); + $this->lang_object =& $this->Application->recallObject('lang.imp', null, Array('skip_autoload' => true)); $this->tables['phrases'] = $this->prepareTempTable('phrases'); $this->tables['emailmessages'] = $this->prepareTempTable('emailmessages'); Index: trunk/kernel/units/images/image_tag_processor.php =================================================================== diff -u -r5340 -r5431 --- trunk/kernel/units/images/image_tag_processor.php (.../image_tag_processor.php) (revision 5340) +++ trunk/kernel/units/images/image_tag_processor.php (.../image_tag_processor.php) (revision 5431) 
@@ -50,10 +50,8 @@ function LoadItemImage($params) { $parent_item =& $this->Application->recallObject($params['PrefixSpecial']); + $object =& $this->Application->recallObject($this->getPrefixSpecial(), null, Array('skip_autoload' => true)); - $this->Application->setUnitOption($this->Prefix,'AutoLoad',false); - $object =& $this->Application->recallObject($this->getPrefixSpecial(), null); - // if we need primary thumbnail which is preloaded with products list $object->Clear(); Index: trunk/core/kernel/event_manager.php =================================================================== diff -u -r5423 -r5431 --- trunk/core/kernel/event_manager.php (.../event_manager.php) (revision 5423) +++ trunk/core/kernel/event_manager.php (.../event_manager.php) (revision 5431) @@ -338,8 +338,7 @@ { if( !$this->Application->prefixRegistred($hookto_prefix) ) { - if($this->Application->isDebugMode()) - { + if ($this->Application->isDebugMode()) { trigger_error('Prefix '.$hookto_prefix.' doesn\'t exist when trying to hook from '.$do_prefix.':'.$do_event.'', E_USER_WARNING); } return; Index: trunk/admin/users/adduser_items.php =================================================================== diff -u -r2853 -r5431 --- trunk/admin/users/adduser_items.php (.../adduser_items.php) (revision 2853) +++ trunk/admin/users/adduser_items.php (.../adduser_items.php) (revision 5431) 
@@ -19,6 +19,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:user_list'); require_once ($pathtoroot.$admin."/include/elements.php"); require_once ($pathtoroot."kernel/admin/include/navmenu.php"); Index: trunk/admin/users/adduser_permissions.php =================================================================== diff -u -r3001 -r5431 --- trunk/admin/users/adduser_permissions.php (.../adduser_permissions.php) (revision 3001) +++ trunk/admin/users/adduser_permissions.php (.../adduser_permissions.php) (revision 5431) @@ -19,6 +19,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:user_list'); require_once ($pathtoroot.$admin."/include/elements.php"); require_once ($pathtoroot."kernel/admin/include/navmenu.php"); Index: trunk/core/units/general/helpers/permissions_helper.php =================================================================== diff -u -r5325 -r5431 --- trunk/core/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 5325) +++ trunk/core/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 5431) 
@@ -276,6 +276,10 @@ $redirect_params = $this->Application->isDebugMode() ? Array('from_template' => 1, 'perms' => $params[ isset($params['permissions']) ? 'permissions' : 'perm_event'], 'next_template' => $t) : Array(); } + if (isset($params['index_file']) && $params['index_file']) { + $redirect_params['index_file'] = $params['index_file']; + } + return Array($redirect_template, $redirect_params); } Index: trunk/themes/default/login/login_form.tpl =================================================================== diff -u -r3201 -r5431 --- trunk/themes/default/login/login_form.tpl (.../login_form.tpl) (revision 3201) +++ trunk/themes/default/login/login_form.tpl (.../login_form.tpl) (revision 5431) @@ -1,6 +1,6 @@ "> - + - + + + +
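Review bot: `$params['index_file']` is copied into `$redirect_params` unchecked, and this array is returned together with the redirect template for the permission-failure redirect. The enclosing function starts outside the hunk, so where `$params` originates is not visible; if any caller fills it from request data rather than from template tag attributes, the redirect target script becomes caller-controlled. I would restrict the value to a known set of entry scripts, or at least to a bare file name, and state the expectation in a comment such as `// index_file comes from the template tag only; it must name an existing front-end entry script`. `$redirect_params` is assigned inside a conditional block above, so it is also worth confirming it is always initialised before this write.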
Index: trunk/core/kernel/utility/temp_handler.php =================================================================== diff -u -r5176 -r5431 --- trunk/core/kernel/utility/temp_handler.php (.../temp_handler.php) (revision 5176) +++ trunk/core/kernel/utility/temp_handler.php (.../temp_handler.php) (revision 5431) @@ -281,8 +281,7 @@ //recalling by different name, because we may get kDBList, if we recall just by prefix $recall_prefix = $prefix_special.($special ? '' : '.').'-item'; - $this->Application->setUnitOption($prefix,'AutoLoad',false); - $object =& $this->Application->recallObject($recall_prefix, $prefix); + $object =& $this->Application->recallObject($recall_prefix, $prefix, Array('skip_autoload' => true)); foreach ($ids as $id) { Index: trunk/admin/install/upgrades/inportal_upgrade_v1.2.0.sql =================================================================== diff -u -r5289 -r5431 --- trunk/admin/install/upgrades/inportal_upgrade_v1.2.0.sql (.../inportal_upgrade_v1.2.0.sql) (revision 5289) +++ trunk/admin/install/upgrades/inportal_upgrade_v1.2.0.sql (.../inportal_upgrade_v1.2.0.sql) (revision 5431) 
@@ -44,6 +44,7 @@ INSERT INTO Permissions (Permission, GroupId, PermissionValue, Type, CatId) VALUES ('in-portal:user_groups.edit', 11, 1, 1, 0); INSERT INTO Permissions (Permission, GroupId, PermissionValue, Type, CatId) VALUES ('in-portal:user_groups.delete', 11, 1, 1, 0); INSERT INTO Permissions (Permission, GroupId, PermissionValue, Type, CatId) VALUES ('in-portal:user_groups.advanced:send_email', 11, 1, 1, 0); +INSERT INTO Permissions (Permission, GroupId, PermissionValue, Type, CatId) VALUES ('in-portal:user_groups.advanced:manage_permissions', 11, 1, 1, 0); INSERT INTO Permissions (Permission, GroupId, PermissionValue, Type, CatId) VALUES ('in-portal:configure_users.view', 11, 1, 1, 0); INSERT INTO Permissions (Permission, GroupId, PermissionValue, Type, CatId) VALUES ('in-portal:configure_users.edit', 11, 1, 1, 0); INSERT INTO Permissions (Permission, GroupId, PermissionValue, Type, CatId) VALUES ('in-portal:user_email.view', 11, 1, 1, 0); @@ -105,4 +106,7 @@ UPDATE ConfigurationAdmin SET ValueList = 'Name=la_Category_Name,Description=la_Category_Description,CreatedOn=la_Category_Date,EditorsPick=la_Category_Pick,SELECT Prompt AS OptionName, CONCAT("cust_", FieldName) AS OptionValue FROM CustomField WHERE (Type = 1) AND (IsSystem = 0)' WHERE VariableName IN ('Category_Sortfield', 'Category_Sortfield2'); +DELETE FROM ConfigurationAdmin WHERE VariableName = 'RootPassVerify'; +DELETE FROM ConfigurationValues WHERE VariableName = 'RootPassVerify'; + UPDATE Modules SET Version = '1.2.0' WHERE Name = 'In-Portal'; \ No newline at end of file Index: trunk/core/units/email_events/email_events_event_handler.php =================================================================== diff -u -r5248 -r5431 --- trunk/core/units/email_events/email_events_event_handler.php (.../email_events_event_handler.php) (revision 5248) +++ trunk/core/units/email_events/email_events_event_handler.php (.../email_events_event_handler.php) (revision 5431) 
@@ -120,10 +120,8 @@ $to_user_id = $event->getEventParam('EmailEventToUserId'); $email_event_type = $event->getEventParam('EmailEventType'); - - $this->Application->setUnitOption('emailmessages', 'AutoLoad', false); - $message_object = &$this->Application->recallObject('emailmessages'); - + + $message_object = &$this->Application->recallObject('emailmessages', null, Array('skip_autoload' => true)); $event_table = $this->Application->getUnitOption('emailevents', 'TableName'); $event_object = &$event->getObject(); 
@@ -154,23 +152,20 @@ $message_object->Load(array('EventId' => $event_id, 'LanguageId' => $this->Application->GetVar('m_lang'))); $message_type = $message_object->GetDBField('MessageType'); + $email_object = &$this->Application->recallObject('kEmailMessage'); + $email_object->Clear(); + // add footer: begin $sql = 'SELECT em.Template FROM '.$message_object->TableName.' em LEFT JOIN '.TABLE_PREFIX.'Events e ON e.EventId = em.EventId WHERE em.LanguageId = '.$message_object->GetDBField('LanguageId').' AND e.Event = "COMMON.FOOTER"'; $footer = explode("\n\n", $this->Conn->GetOne($sql)); - $footer = $message_object->GetDBField('MessageType') == 'text' ? strip_tags($footer[1]) : $footer[1]; + $footer = $message_object->GetDBField('MessageType') == 'text' ? $email_object->convertHTMLtoPlain($footer[1]) : $footer[1]; $message_template = $message_object->GetDBField('Template')."\r\n".$footer; // add footer: end - $email_object = &$this->Application->recallObject('kEmailMessage'); - $email_object->Clear(); - - $old_autoload = $this->Application->getUnitOption('u', 'AutoLoad'); - $this->Application->setUnitOption('u', 'AutoLoad', false); - - $from_user_object = &$this->Application->recallObject('u.-email'.$from_user_id); + $from_user_object = &$this->Application->recallObject('u.-email'.$from_user_id, null, Array('skip_autoload' => true)); $from_user_object->Load($from_user_id); // here if we don't have from_user loaded, it takes a default user from config values if ( $from_user_object->IsLoaded() ) { 
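Review bot: `$footer[1]` is read without checking that the COMMON.FOOTER lookup produced a template with a header/body separator. When `GetOne()` finds no footer row for the message's language (it presumably returns an empty value then), `explode()` yields a single element and index 1 is undefined. A footer body that itself contains a blank line is also cut at the first one, because the split has no limit. I would change the split to `$footer = explode("\n\n", (string)$this->Conn->GetOne($sql), 2);` followed by `$footer = isset($footer[1]) ? $footer[1] : '';` before the text/HTML conversion. The same pattern appears in the `@@ -73,9 +73,13 @@` hunk of kernel/include/emailmessage.php later in this diff; the function body here starts outside the hunk.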
@@ -181,13 +176,11 @@ $from_user_email = $this->Application->ConfigValue('Smtp_AdminMailFrom'); } - $to_user_object = &$this->Application->recallObject('u.-email'.$to_user_id); + $to_user_object = &$this->Application->recallObject('u.-email'.$to_user_id, null, Array('skip_autoload' => true)); $to_user_object->Load($to_user_id); $to_user_email = $to_user_object->GetDBField('Email'); $to_user_name = trim($to_user_object->GetDBField('FirstName').' '.$to_user_object->GetDBField('LastName')); - $this->Application->setUnitOption('u', 'AutoLoad', $old_autoload); - if($direct_send_params){ $to_user_email = ( $direct_send_params['to_email'] ? $direct_send_params['to_email'] : $to_user_email ); $to_user_name = ( $direct_send_params['to_name'] ? $direct_send_params['to_name'] : $to_user_name ); Index: trunk/core/units/relationship/relationship_event_handler.php =================================================================== diff -u -r5373 -r5431 --- trunk/core/units/relationship/relationship_event_handler.php (.../relationship_event_handler.php) (revision 5373) +++ trunk/core/units/relationship/relationship_event_handler.php (.../relationship_event_handler.php) (revision 5431) @@ -22,8 +22,7 @@ */ function OnAddRelation(&$event) { - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); + $object =& $event->getObject( Array('skip_autoload' => true) ); $table_info = $object->getLinkedInfo(); $main_item_type = $this->Application->getUnitOption($table_info['ParentPrefix'],'ItemType'); Index: trunk/kernel/admin_templates/groups/groups_edit_permissions.tpl =================================================================== diff -u -r5331 -r5431 --- trunk/kernel/admin_templates/groups/groups_edit_permissions.tpl (.../groups_edit_permissions.tpl) (revision 5331) +++ trunk/kernel/admin_templates/groups/groups_edit_permissions.tpl (.../groups_edit_permissions.tpl) (revision 5431) 
@@ -1,4 +1,4 @@ - + Index: trunk/admin/logs/summary.php =================================================================== diff -u -r2853 -r5431 --- trunk/admin/logs/summary.php (.../summary.php) (revision 2853) +++ trunk/admin/logs/summary.php (.../summary.php) (revision 5431) @@ -19,6 +19,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:log_summary'); $pathtolocal = $pathtoroot."kernel/"; Index: trunk/core/kernel/utility/unit_config_reader.php =================================================================== diff -u -r5373 -r5431 --- trunk/core/kernel/utility/unit_config_reader.php (.../unit_config_reader.php) (revision 5373) +++ trunk/core/kernel/utility/unit_config_reader.php (.../unit_config_reader.php) (revision 5431) @@ -626,11 +626,9 @@ */ function prefixRegistred($prefix) { - return isset($this->configData[$prefix]) ? true : false; + return isset($this->prefixFiles[$prefix]) ? true : false; } - - } Index: trunk/admin/browse.php =================================================================== diff -u -r4965 -r5431 --- trunk/admin/browse.php (.../browse.php) (revision 4965) +++ trunk/admin/browse.php (.../browse.php) (revision 5431) @@ -28,6 +28,7 @@ require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:browse'); if($application->GetVar('Action') == 'm_paste') define('REDIRECT_REQUIRED',1); // this script can issue redirect header define('REQUIRE_LAYER_HEADER', 1); @@ -71,9 +72,6 @@ } } - -$application->InitParser(); - $cat_templates = $objModules->ExecuteFunction('GetModuleInfo', 'catalog_template'); foreach ($cat_templates as $a_mod => $a_template) { if (!$a_template) continue; 
@@ -434,7 +432,16 @@ el.onclick(); } } - } + } + + RecallVar('refresh_tree')) { + $application->RemoveVar('refresh_tree'); + echo 'var $tree_frame = window.parent.getFrame("menu");'; + echo '$tree_frame.location = $tree_frame.location;'; + } + + ?> $params['render_as']); ksort($section_data['children'], SORT_NUMERIC); foreach ($section_data['children'] as $priority => $section_name) { -// if (!$this->Application->CheckPermission($section_name.'.view', 1)) continue; - + if (!$this->Application->CheckPermission($section_name.'.view', 1)) continue; + $tab_data =& $sections_helper->getSectionData($section_name); $block_params['t'] = $tab_data['url']['t']; $block_params['title'] = $tab_data['label']; Index: trunk/admin/config/addtheme.php =================================================================== diff -u -r4688 -r5431 --- trunk/admin/config/addtheme.php (.../addtheme.php) (revision 4688) +++ trunk/admin/config/addtheme.php (.../addtheme.php) (revision 5431) @@ -19,6 +19,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:configure_themes'); /* set the destination of the image upload, relative to the root path */ $DestDir = 'kernel/images/'; Index: trunk/kernel/units/selectors/selectors_event_handler.php =================================================================== diff -u -r4685 -r5431 --- trunk/kernel/units/selectors/selectors_event_handler.php (.../selectors_event_handler.php) (revision 4685) +++ trunk/kernel/units/selectors/selectors_event_handler.php (.../selectors_event_handler.php) (revision 5431) @@ -158,8 +158,7 @@ */ function SaveChanges(&$event) { - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); + $object =& $event->getObject( Array('skip_autoload' => true) ); $items_info = $this->Application->GetVar( $event->getPrefixSpecial(true) ); if($items_info) 
@@ -352,8 +351,7 @@ */ function OnMassResetToBase(&$event) { - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); + $object =& $event->getObject( Array('skip_autoload' => true) ); $items_info = $this->Application->GetVar( $event->getPrefixSpecial(true) ); if($items_info) Index: trunk/core/units/permissions/permissions_event_handler.php =================================================================== diff -u -r5326 -r5431 --- trunk/core/units/permissions/permissions_event_handler.php (.../permissions_event_handler.php) (revision 5326) +++ trunk/core/units/permissions/permissions_event_handler.php (.../permissions_event_handler.php) (revision 5431) @@ -3,6 +3,19 @@ class PermissionsEventHandler extends InpDBEventHandler { /** + * Allows to override standart permission mapping + * + */ + function mapPermissions() + { + parent::mapPermissions(); + $permissions = Array( + 'OnGroupSavePermissions' => Array('subitem' => 'advanced:manage_permissions'), + ); + $this->permMapping = array_merge($this->permMapping, $permissions); + } + + /** * Save category permissions * * @param kEvent $event @@ -70,6 +83,11 @@ */ function OnGroupSavePermissions(&$event) { + if (!$this->Application->CheckPermission('in-portal:user_groups.advanced:manage_permissions', 1)) { + // no permission to save permissions + return false; + } + $permissions = $this->Application->GetVar($event->getPrefixSpecial(true)); if (!$permissions) { return false; Index: trunk/admin/install/inportal_data.sql =================================================================== diff -u -r5289 -r5431 --- trunk/admin/install/inportal_data.sql (.../inportal_data.sql) (revision 5289) +++ trunk/admin/install/inportal_data.sql (.../inportal_data.sql) (revision 5431) 
@@ -14,7 +14,6 @@ INSERT INTO ConfigurationAdmin VALUES ('User_NewGroup', 'la_Text_General', 'la_users_new_group', 'select', NULL, '0=lu_none,SELECT GroupId as OptionValue, Name as OptionName FROM PortalGroup WHERE Enabled=1 AND Personal=0', 10.08, 0, 1); INSERT INTO ConfigurationAdmin VALUES ('User_GuestGroup', 'la_Text_General', 'la_users_guest_group', 'select', NULL, '0=lu_none,SELECT GroupId as OptionValue, Name as OptionName FROM PortalGroup WHERE Enabled=1 AND Personal=0', 10.1, 0, 1); INSERT INTO ConfigurationAdmin VALUES ('RootPass', 'la_Text_General', 'la_prompt_root_pass', 'password', NULL, NULL, 10.12, 0, 0); -INSERT INTO ConfigurationAdmin VALUES ('RootPassVerify', 'la_Text_General', 'la_prompt_root_pass_verify', 'password', NULL, NULL, 10.13, 0, 0); INSERT INTO ConfigurationAdmin VALUES ('Users_AllowReset', 'la_Text_General', 'la_prompt_allow_reset', 'text', NULL, NULL, 10.05, 0, 0); INSERT INTO ConfigurationAdmin VALUES ('User_Allow_New', 'la_Text_General', 'la_users_allow_new', 'radio', '', '1=la_User_Instant,2=la_User_Not_Allowed,3=la_User_Upon_Approval', 10.01, 0, 1); INSERT INTO ConfigurationAdmin VALUES ('User_Password_Auto', 'la_Text_General', 'la_users_password_auto', 'checkbox', '', '', 10.06, 0, 1); @@ -129,7 +128,6 @@ INSERT INTO ConfigurationValues VALUES (NULL, 'Category_Highlight_CloseTag', '', 'In-Portal', 'in-portal:configure_categories') INSERT INTO ConfigurationValues VALUES (NULL, 'User_GuestGroup', '14', 'In-Portal:Users', 'in-portal:configure_users') INSERT INTO ConfigurationValues VALUES (NULL, 'RootPass', '', 'In-Portal:Users', 'in-portal:configure_users') -INSERT INTO ConfigurationValues VALUES (NULL, 'RootPassVerify', '', 'In-Portal:Users', 'in-portal:configure_users') INSERT INTO ConfigurationValues VALUES (NULL, 'Perpage_Category_Short', '3', 'In-Portal', 'in-portal:configure_categories') INSERT INTO ConfigurationValues VALUES (NULL, 'CookieSessions', '2', 'In-Portal', 'in-portal:configure_general') 
@@ -292,6 +290,7 @@
 INSERT INTO Permissions (Permission, GroupId, PermissionValue, Type, CatId) VALUES ('in-portal:user_groups.edit', 11, 1, 1, 0);
 INSERT INTO Permissions (Permission, GroupId, PermissionValue, Type, CatId) VALUES ('in-portal:user_groups.delete', 11, 1, 1, 0);
 INSERT INTO Permissions (Permission, GroupId, PermissionValue, Type, CatId) VALUES ('in-portal:user_groups.advanced:send_email', 11, 1, 1, 0);
+INSERT INTO Permissions (Permission, GroupId, PermissionValue, Type, CatId) VALUES ('in-portal:user_groups.advanced:manage_permissions', 11, 1, 1, 0);
 INSERT INTO Permissions (Permission, GroupId, PermissionValue, Type, CatId) VALUES ('in-portal:configure_users.view', 11, 1, 1, 0);
 INSERT INTO Permissions (Permission, GroupId, PermissionValue, Type, CatId) VALUES ('in-portal:configure_users.edit', 11, 1, 1, 0);
 INSERT INTO Permissions (Permission, GroupId, PermissionValue, Type, CatId) VALUES ('in-portal:user_email.view', 11, 1, 1, 0);
Index: trunk/admin/install/upgrades/readme_1_2_0.txt
===================================================================
diff -u
--- trunk/admin/install/upgrades/readme_1_2_0.txt (revision 0)
+++ trunk/admin/install/upgrades/readme_1_2_0.txt (revision 5431)
@@ -0,0 +1,11 @@ +Readme notes for In-Portal 1.2.0 +Intechnic Corporation, Jul 4, 2006 + +New features: + - Administrative Console Section Permissions - allows controlling view, add, edit and delete permissions individually for every section of the Administrative Console, as weel as section-specific advanced permissions, such as approve, decline, etc. + - Navigation tree dynamic categories loading - the categories of the catalog are now accessible directly via the navigation tree + - Custom e-mail footer implemented, allowing to add a common footer to every e-mail sent out by the system + - Overall performance improvement due to several levels of caching + +IMPORTANT NOTE: +During the implementation of Administrative Console Section permissions a number of issues have been identified with potential ability for the attacker to gain access to some of In-portal stored data. The issues have been resolved with the implementation of new permissions system. Customers are strongly encouraged to upgrade to the latest version of In-portal platform and corresponding module versions to ensure the reliability and security of their websites! Index: trunk/kernel/admin/include/help/editcategory_items.txt =================================================================== diff -u --- trunk/kernel/admin/include/help/editcategory_items.txt (revision 0) +++ trunk/kernel/admin/include/help/editcategory_items.txt (revision 5431) @@ -0,0 +1,14 @@ +This tab controls module-specific category properties. The contents of the tab depends on the modules installed.
+In-newz module adds the following properties: +RSS Feed Properties: +
    +
  • Source URL � this fields controls the RSS source URL used for populating current category with articles. The field also accepts multiple RSS source URLs separated by commas. +
  • Update Interval � the time interval used for parsing the RSS source and populating the category with articles. +
+RSS Feed Articles Expiration +
    +
  • Default Expiration � the default expiration time of articles imported through RSS into the category. +
  • Expiration Check Interval � the time interval controlling the frequency of checking the expired articles for the purpose of deleting it (see Delete Expired checkbox below) +
  • Delete Expired � the checkbox controls whether expired articles should be completely deleted from the system, or simply marked as archived (expired). +
+As of the current version, In-link, In-commerce and In-bulletin modules do not have any category-level properties. Index: trunk/core/units/languages/import_xml.php =================================================================== diff -u -r4782 -r5431 --- trunk/core/units/languages/import_xml.php (.../import_xml.php) (revision 4782) +++ trunk/core/units/languages/import_xml.php (.../import_xml.php) (revision 5431) @@ -80,8 +80,7 @@ $this->Application->SetVar('lang_mode', 't'); $this->tables['lang'] = $this->prepareTempTable('lang'); - $this->Application->setUnitOption('lang','AutoLoad',false); - $this->lang_object =& $this->Application->recallObject('lang.imp'); + $this->lang_object =& $this->Application->recallObject('lang.imp', null, Array('skip_autoload' => true)); $this->tables['phrases'] = $this->prepareTempTable('phrases'); $this->tables['emailmessages'] = $this->prepareTempTable('emailmessages'); Index: trunk/core/admin_templates/groups/permissions_selector.tpl =================================================================== diff -u -r5331 -r5431 --- trunk/core/admin_templates/groups/permissions_selector.tpl (.../permissions_selector.tpl) (revision 5331) +++ trunk/core/admin_templates/groups/permissions_selector.tpl (.../permissions_selector.tpl) (revision 5431) @@ -1,4 +1,4 @@ - + Index: trunk/core/units/images/image_tag_processor.php =================================================================== diff -u -r5340 -r5431 --- trunk/core/units/images/image_tag_processor.php (.../image_tag_processor.php) (revision 5340) +++ trunk/core/units/images/image_tag_processor.php (.../image_tag_processor.php) (revision 5431) 
@@ -50,10 +50,8 @@ function LoadItemImage($params) { $parent_item =& $this->Application->recallObject($params['PrefixSpecial']); + $object =& $this->Application->recallObject($this->getPrefixSpecial(), null, Array('skip_autoload' => true)); - $this->Application->setUnitOption($this->Prefix,'AutoLoad',false); - $object =& $this->Application->recallObject($this->getPrefixSpecial(), null); - // if we need primary thumbnail which is preloaded with products list $object->Clear(); Index: trunk/kernel/units/phrases/phrases_event_handler.php =================================================================== diff -u -r3282 -r5431 --- trunk/kernel/units/phrases/phrases_event_handler.php (.../phrases_event_handler.php) (revision 3282) +++ trunk/kernel/units/phrases/phrases_event_handler.php (.../phrases_event_handler.php) (revision 5431) @@ -11,11 +11,9 @@ { parent::OnNew($event); $label = $this->Application->GetVar('phrases_label'); - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject( $label ? Array('live_table'=>true) : Array() ); - if($label) - { + $object =& $event->getObject( $label ? Array('live_table'=>true, 'skip_autoload' => true) : Array('skip_autoload' => true) ); + if ($label) { $object->SetDBField('Phrase',$label); $object->SetDBField('LanguageId', $this->Application->GetVar('m_lang') ); $object->SetDBField('PhraseType',1); 
@@ -46,12 +44,9 @@ function OnBeforePhraseCreate(&$event) { $edit_direct = $this->Application->GetVar($event->Prefix.'_label'); - if($edit_direct) - { - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); - if( $this->Application->GetVar('m_lang') != $this->Application->GetVar('lang_id') ) - { + if ($edit_direct) { + $object =& $event->getObject( Array('skip_autoload' => true) ); + if ($this->Application->GetVar('m_lang') != $this->Application->GetVar('lang_id')) { $object->SwitchToLive(); } } Index: trunk/kernel/units/groups/groups_config.php =================================================================== diff -u -r5272 -r5431 --- trunk/kernel/units/groups/groups_config.php (.../groups_config.php) (revision 5272) +++ trunk/kernel/units/groups/groups_config.php (.../groups_config.php) (revision 5431) @@ -50,7 +50,7 @@ 'icon' => 'usergroups', 'label' => 'la_tab_User_Groups', 'url' => Array('t' => 'groups/groups_list', 'pass' => 'm'), - 'permissions' => Array('view', 'add', 'edit', 'delete', 'advanced:send_email'), + 'permissions' => Array('view', 'add', 'edit', 'delete', 'advanced:send_email', 'advanced:manage_permissions'), 'priority' => 2, 'type' => stTREE, ), Index: trunk/kernel/include/emailmessage.php =================================================================== diff -u -r4642 -r5431 --- trunk/kernel/include/emailmessage.php (.../emailmessage.php) (revision 4642) +++ trunk/kernel/include/emailmessage.php (.../emailmessage.php) (revision 5431) 
@@ -73,9 +73,13 @@ LEFT JOIN '.TABLE_PREFIX.'Events e ON e.EventId = em.EventId WHERE em.LanguageId = '.$this->Get('LanguageId').' AND e.Event = "COMMON.FOOTER"'; $footer = explode("\n\n", $this->Conn->GetOne($sql)); - $footer = $this->Get('MessageType') == 'text' ? strip_tags($footer[1]) : $footer[1]; + + $email_object = &$this->Application->recallObject('kEmailMessage'); + $email_object->Clear(); + + $footer = $this->Get('MessageType') == 'text' ? $email_object->convertHTMLtoPlain($footer[1]) : $footer[1]; - $template = $this->Get('Template')."\r\n".$footer; + $template = $this->Get('Template'); //."\r\n".$footer; // add footer: end $lines = explode("\n", $template); @@ -102,6 +106,8 @@ while ($ibody .= $lines[$i++]; } + + $this->body .= "\r".$footer; $this->TemplateParsed = true; @@ -256,8 +262,7 @@ } else { - $body = nl2br(str_replace("\r", "", $body)); - $body = str_replace('
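Review bot: `$footer[1]` is read in the new conversion line without checking that the COMMON.FOOTER row exists and that its template contains a blank-line separator. When `GetOne()` returns nothing, `explode()` yields a single element, so the index is undefined and the footer silently becomes empty. A guard such as `$footer_html = isset($footer[1]) ? $footer[1] : '';` before the `MessageType` test would make that case explicit. The new `getEmailFooter()` in admin/email/do_send.php indexes `$footer_body[1]` the same way. The enclosing function starts and ends outside this hunk.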
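Review bot: The footer is appended with a bare carriage return in `$this->body .= "\r".$footer;`, while the two later hunks in this file replace the `nl2br` handling with `str_replace("\r", "", $body)`. If that `$body` is derived from `$this->body` (not visible here), the only separator between the message and the footer is removed and the footer is glued to the last line of the text. Using `$this->body .= "\r\n".$footer;` keeps a line break after the strip. The loop that builds `$this->body` lies outside the hunk.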
', "\n", $body); + $body = str_replace("\r", "", $body); $objEmailQueue->SendMail($FromAddr,$FromName,$to_addr,$To,$subject,$body,"",$charset, $this->Get("Event"),NULL,$this->headers); } @@ -303,8 +308,7 @@ } else { - $body=nl2br($body); - $body = str_replace("
","\n",$body); + $body = str_replace("\r", "", $body); $objEmailQueue->SendMail($FromAddr,$FromName,$to_addr,$To,$subject,$body,"",$charset, $this->Get("Event"),NULL,$this->headers); } @@ -942,21 +946,11 @@ $application =& kApplication::Instance(); $db =& $application->GetADODBConnection(); - // get footer: begin - $sql = 'SELECT em.Template - FROM '.TABLE_PREFIX.'EmailMessage em - LEFT JOIN '.TABLE_PREFIX.'Events e ON e.EventId = em.EventId - WHERE em.LanguageId = '.$GLOBALS['m_var_list']['lang'].' AND e.Event = "COMMON.FOOTER"'; - $footer = explode("\n\n", $db->GetOne($sql)); - $footer = $footer[1]; - // get footer: end - - if(!$Text) - { - $Text = strip_tags($Html."\r\n".$footer); + if (!$Text) { + $Text = strip_tags($Html); } else { - $Text = strip_tags($Text."\r\n".$footer); + $Text = strip_tags($Text); } $msg .= "--" . $boundary . "\n"; @@ -970,7 +964,7 @@ $msg .= "--" . $boundary . "\n"; $msg .= "Content-Type: text/html; charset=\"iso-8859-1\""."\n"; $msg .= "Content-Transfer-Encoding: 8bit"."\n"."\n"; - $msg .= stripslashes($Html."\r\n".$footer); + $msg .= stripslashes($Html); $msg .= "\n"."\n"; } $msg .= "--" . $boundary . "--"."\n"; Index: trunk/kernel/units/reviews/reviews_event_handler.php =================================================================== diff -u -r5219 -r5431 --- trunk/kernel/units/reviews/reviews_event_handler.php (.../reviews_event_handler.php) (revision 5219) +++ trunk/kernel/units/reviews/reviews_event_handler.php (.../reviews_event_handler.php) (revision 5431) 
@@ -86,8 +86,7 @@ { $user_id = $this->Application->GetVar('u_id') ? $this->Application->GetVar('u_id') : -2; $ip = $_SERVER['REMOTE_ADDR']; - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); + $object =& $event->getObject( Array('skip_autoload' => true) ); $product_info = $object->getLinkedInfo(); $object->addFilter('current_item', '%1$s.ItemId = '.$product_info['ParentId']); $object->addFilter('current_user', '%1$s.CreatedById = '.$user_id); @@ -105,13 +104,11 @@ { $user_id = ($this->Application->GetVar('u_id') == 0) ? -2 : $this->Application->GetVar('u_id'); $event->redirect_params = Array('pass' => 'all,p'); - - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); - + + $object =& $event->getObject( Array('skip_autoload' => true) ); $parent_info = $object->getLinkedInfo(); $review_fields = $this->Application->GetVar($event->getPrefixSpecial(true)); - + $sql = ' SELECT * FROM '.TABLE_PREFIX.'SpamControl WHERE ItemResourceId='.$parent_info['ParentId'].' AND IPaddress="'.$_SERVER['REMOTE_ADDR'].'" Index: trunk/admin/modules/addmodule.php =================================================================== diff -u -r4977 -r5431 --- trunk/admin/modules/addmodule.php (.../addmodule.php) (revision 4977) +++ trunk/admin/modules/addmodule.php (.../addmodule.php) (revision 5431) @@ -19,6 +19,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:addmodule'); $pathtolocal = $pathtoroot."kernel/"; Index: trunk/admin/users/user_addimage.php =================================================================== diff -u -r4645 -r5431 --- trunk/admin/users/user_addimage.php (.../user_addimage.php) (revision 4645) +++ trunk/admin/users/user_addimage.php (.../user_addimage.php) (revision 5431) 
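Review bot: `$user_id` comes from `GetVar('u_id')` and is concatenated unescaped into the `current_user` filter. The next hunk of this file does the same with `$parent_info['ParentId']` and `$_SERVER['REMOTE_ADDR']` in the SpamControl query. Whether `u_id` can be supplied by the request is not visible here, so an integer cast is the cheap safeguard: `$user_id = (int)$this->Application->GetVar('u_id'); if (!$user_id) $user_id = -2;`. The address is better passed through the connection's `qstr()`, as cat_dbitem_export.php does in this same commit, than wrapped in hand-written double quotes. Both function bodies continue outside their hunks.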
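Review bot: The result of `checkViewPermission('in-portal:addmodule')` is discarded, so the guard protects the page only if the function itself ends the request when the check fails; its definition is not part of this diff. The same one-line guard is added to user_addimage.php, sql_result.php, restore1.php to restore4.php, banuser.php and adduser_groups.php. Judging by their names, several of these pages change state (image upload, SQL execution, backup restore, banning a user) yet are gated by what appears to be a view-level section permission. I would add a comment at the call, e.g. `// checkViewPermission() stops the request when the section is not viewable`, and confirm that the write paths of those pages also test an edit or advanced permission.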
@@ -19,6 +19,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:user_list'); /* set the destination of the image upload, relative to the root path */ $DestDir = 'kernel/images/'; Index: trunk/kernel/action.php =================================================================== diff -u -r5289 -r5431 --- trunk/kernel/action.php (.../action.php) (revision 5289) +++ trunk/kernel/action.php (.../action.php) (revision 5431) @@ -497,19 +497,16 @@ case "m_cat_delete": if($ro_perm) break; - if($objSession->HasCatPermission("CATEGORY.DELETE",$objCatList->CurrentCategoryID())) - { - if(isset($_POST["catlist"])) - { - if(is_array($_POST["catlist"])) - foreach($_POST["catlist"] as $catid) - { - $objCatList->Delete_Category($catid); - - } - } - } - break; + if(isset($_POST["catlist"])) + { + if(is_array($_POST["catlist"])) + foreach ($_POST["catlist"] as $catid) { + $objCatList->Delete_Category($catid, true); + } + $application->StoreVar('refresh_tree', 1); + } + break; + case "m_cat_cut": if($ro_perm) break; if(isset($_POST["catlist"])) Index: trunk/kernel/units/stylesheets/stylesheets_item.php =================================================================== diff -u -r3559 -r5431 --- trunk/kernel/units/stylesheets/stylesheets_item.php (.../stylesheets_item.php) (revision 3559) +++ trunk/kernel/units/stylesheets/stylesheets_item.php (.../stylesheets_item.php) (revision 5431) 
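Review bot: In the `m_cat_delete` case, `$application->StoreVar('refresh_tree', 1)` now runs whenever `catlist` is posted, including when it is not an array or when `Delete_Category($catid, true)` refused every id. The brace-less `if(is_array($_POST["catlist"]))` also makes it easy to misread which statement it guards. Because the permission decision moved into `Delete_Category`, this caller no longer knows whether anything was deleted or denied. I would brace the block, move the `StoreVar` inside it, and pass a normalised id, `$objCatList->Delete_Category((int)$catid, true);`, assuming category ids are always numeric.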
@@ -4,8 +4,7 @@ { function Compile() { - $this->Application->setUnitOption('selectors', 'AutoLoad', false); - $selector_item =& $this->Application->recallObject('selectors.item', 'selectors', Array('live_table'=>true) ); + $selector_item =& $this->Application->recallObject('selectors.item', 'selectors', Array('live_table'=>true, 'skip_autoload' => true) ); $parent_field = $this->Application->getUnitOption($selector_item->Prefix, 'ForeignKey'); $sql_template = 'SELECT '.$selector_item->IDField.' FROM '.$selector_item->TableName.' WHERE '.$parent_field.' = %s ORDER BY SelectorName ASC'; Index: trunk/admin/email/do_send.php =================================================================== diff -u -r3145 -r5431 --- trunk/admin/email/do_send.php (.../do_send.php) (revision 3145) +++ trunk/admin/email/do_send.php (.../do_send.php) (revision 5431) 
@@ -62,16 +62,36 @@ $TargetURL = $_SERVER["PHP_SELF"]."?".$envar.'&destform=popup'; $CancelURL = $TargetURL."&EmailState=email_user_cancel"; + function getEmailFooter($is_html = true) + { + static $footer = Array('html' => null, 'plain' => null); + + $footer_body =& $footer[$is_html ? 'html' : 'plain']; + if (is_null($footer_body)) { + $application =& kApplication::Instance(); + $email_object =& $application->recallObject('kEmailMessage'); + $email_object->Clear(); + + $sql = 'SELECT em.Template + FROM '.TABLE_PREFIX.'EmailMessage em + LEFT JOIN '.TABLE_PREFIX.'Events e ON e.EventId = em.EventId + WHERE em.LanguageId = '.$application->GetVar('m_lang').' AND e.Event = "COMMON.FOOTER"'; + $footer_body = explode("\n\n", $application->Conn->GetOne($sql)); + $footer_body = "\r\n".($is_html ? $footer_body[1] : $email_object->convertHTMLtoPlain($footer_body[1])); + } + return $footer_body; + } + /*Initialize page*/ switch($State) { case "email_single_send": /*single user send */ $PageTitle = admin_language("la_Title_SendInit"); $Subject = $_POST["subject"]; - $Html = $_POST["messageHTML"]; - $Text = strip_tags($_POST["messageTEXT"]); - + $Html = $_POST["messageHTML"].getEmailFooter(true); + $Text = strip_tags($_POST["messageTEXT"]).getEmailFooter(false); + if(is_array($_FILES)) { $attatch = $_FILES["attatchment"]; @@ -99,8 +119,8 @@ //echo $_POST["sendaddrs"]."
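Review bot: `getEmailFooter()` concatenates `$application->GetVar('m_lang')` unquoted into the `WHERE em.LanguageId = ...` clause. If that variable can be influenced by the request (its origin is not visible in this hunk), the query text changes with it. Casting at the point of use removes the dependency: `WHERE em.LanguageId = '.(int)$application->GetVar('m_lang').' AND e.Event = "COMMON.FOOTER"'`. The function is also declared in the middle of the page script between the URL setup and the `switch($State)`; moving it to an include would keep it from being redeclared if this file is ever included twice.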
\n"; $Subject = $_POST["subject"]; - $Html = $_POST["messageHTML"]; - $Text = strip_tags($_POST["messageTEXT"]); + $Html = $_POST["messageHTML"].getEmailFooter(true); + $Text = strip_tags($_POST["messageTEXT"]).getEmailFooter(false); if(is_array($_FILES)) { Index: trunk/kernel/units/general/cat_dbitem_export.php =================================================================== diff -u -r4243 -r5431 --- trunk/kernel/units/general/cat_dbitem_export.php (.../cat_dbitem_export.php) (revision 4243) +++ trunk/kernel/units/general/cat_dbitem_export.php (.../cat_dbitem_export.php) (revision 5431) @@ -51,6 +51,12 @@ */ var $filePointer = null; + /** + * Custom fields definition of current item + * + * @var Array + */ + var $customFields = Array(); function kCatDBItemExportHelper() { @@ -282,6 +288,7 @@ } else { foreach ($check_fields as $check_field) { + $check_field = preg_replace('/^cust_(.*)/', 'Custom_\\1', $check_field); if (!in_array($check_field, $this->exportOptions['ExportColumns'])) { $object->setError('ExportColumns', 'required'); $ret = false; 
@@ -354,29 +361,35 @@ fclose($this->filePointer); } + function getCustomSQL() + { + $ml_formatter =& $this->Application->recallObject('kMultiLanguage'); + + $custom_sql = ''; + foreach ($this->customFields as $custom_id => $custom_name) { + $custom_sql .= 'custom_data.'.$ml_formatter->LangFieldName('cust_'.$custom_id).' AS cust_'.$custom_name.', '; + } + + return preg_replace('/(.*), /', '\\1', $custom_sql); + } + function getExportSQL($count_only = false) { if ($this->exportOptions['export_ids'] === false) { // get links from current category & all it's subcategories $join_clauses = Array(); - $custom_sql = ''; - $custom_table = $this->Application->getUnitOption($this->curItem->Prefix.'-cdata', 'TableName'); - - if ($custom_table) { - $ml_formatter =& $this->Application->recallObject('kMultiLanguage'); - $custom_fields = $this->Application->getUnitOption($this->curItem->Prefix, 'CustomFields'); - - foreach ($custom_fields as $custom_id => $custom_name) { - $custom_sql .= 'custom_data.'.$ml_formatter->LangFieldName('cust_'.$custom_id).' AS cust_'.$custom_name.','; - } + $custom_sql = $this->getCustomSQL(); + if ($custom_sql) { + $custom_table = $this->Application->getUnitOption($this->curItem->Prefix.'-cdata', 'TableName'); $join_clauses[$custom_table.' custom_data'] = 'custom_data.ResourceId = item_table.ResourceId'; } + $join_clauses[TABLE_PREFIX.'CategoryItems ci'] = 'ci.ItemResourceId = item_table.ResourceId'; $join_clauses[TABLE_PREFIX.'Category c'] = 'c.CategoryId = ci.CategoryId'; - $sql = 'SELECT item_table.*, '.$custom_sql.' ci.CategoryId + $sql = 'SELECT item_table.*, ci.CategoryId'.($custom_sql ? ', '.$custom_sql : '').' FROM '.$this->curItem->TableName.' item_table'; foreach ($join_clauses as $table_name => $join_expression) { 
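Review bot: `getCustomSQL()` iterates `$this->customFields` unconditionally, whereas the removed code only read the `CustomFields` option after confirming that the `-cdata` table exists. The property is filled from `getUnitOption($event->Prefix, 'CustomFields')` in later hunks, and if that returns a non-array for a prefix without custom fields the `foreach` raises a warning. An early `if (!$this->customFields) return '';` would restore the old guard. The alias `cust_'.$custom_name` is emitted unquoted, so a custom field name containing a space or punctuation breaks the SELECT; wrapping the alias in backticks is worth considering. `getExportSQL()` continues outside the hunk.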
@@ -425,7 +438,7 @@ $this->exportOptions = $this->loadOptions($event); $this->exportFields = $this->exportOptions['ExportColumns']; $this->curItem =& $event->getObject( Array('skip_autoload' => true) ); - + $this->customFields = $this->Application->getUnitOption($event->Prefix, 'CustomFields'); $this->openFile($event); if ($this->exportOptions['start_from'] == 0) // first export step @@ -636,7 +649,8 @@ break; } $this->curItem->Clear(); - + $this->customFields = $this->Application->getUnitOption($event->Prefix, 'CustomFields'); + if (isset($record_data)) { $this->setImportData($record_data); } @@ -739,7 +753,15 @@ if (count($load_keys)) { $where_clause = ''; foreach ($load_keys as $field_name => $field_value) { - $where_clause .= '(item_table.`'.$field_name.'` = '.$this->Conn->qstr($field_value).') AND '; + if (preg_match('/^cust_(.*)/', $field_name, $regs)) { + $custom_id = array_search($regs[1], $this->customFields); + $field_name = 'l'.$this->Application->GetVar('m_lang').'_cust_'.$custom_id; + $where_clause .= '(custom_data.`'.$field_name.'` = '.$this->Conn->qstr($field_value).') AND '; + } + else { + $where_clause .= '(item_table.`'.$field_name.'` = '.$this->Conn->qstr($field_value).') AND '; + } + } $where_clause = preg_replace('/(.*) AND $/', '\\1', $where_clause); 
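Review bot: In the `cust_` branch of the `$load_keys` loop, `array_search($regs[1], $this->customFields)` returns `false` for an unknown custom field name. The code then builds a column such as `l<lang>_cust_` and sends a failing query instead of rejecting the key. A check like `if ($custom_id === false) { continue; }` (or setting an import error) right after the search would handle this. The column name is also assembled by hand from `GetVar('m_lang')`, while `getCustomSQL()` in this same file uses `$ml_formatter->LangFieldName('cust_'.$custom_id)`; using the formatter in both places keeps the two in step and keeps a request-derived value out of an identifier. In the unchanged `else` branch `$field_name` is placed between backticks as is, so if the keys come from the import file's header they should be checked against the item's known fields first.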
@@ -750,9 +772,11 @@ $parent_path = $this->getParentPath($category_id); $where_clause = '(c.ParentPath LIKE "'.$parent_path.'%") AND '.$where_clause; } - + + $cdata_table = $this->Application->getUnitOption($event->Prefix.'-cdata', 'TableName'); $sql = 'SELECT '.$this->curItem->IDField.' FROM '.$this->curItem->TableName.' item_table + LEFT JOIN '.$cdata_table.' custom_data ON custom_data.ResourceId = item_table.ResourceId LEFT JOIN '.TABLE_PREFIX.'CategoryItems ci ON ci.ItemResourceId = item_table.ResourceId LEFT JOIN '.TABLE_PREFIX.'Category c ON c.CategoryId = ci.CategoryId WHERE '.$where_clause; Index: trunk/admin/tools/sql_result.php =================================================================== diff -u -r5289 -r5431 --- trunk/admin/tools/sql_result.php (.../sql_result.php) (revision 5289) +++ trunk/admin/tools/sql_result.php (.../sql_result.php) (revision 5431) @@ -19,6 +19,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:sql_query'); require_once ($pathtoroot.$admin."/include/elements.php"); require_once ($pathtoroot."kernel/admin/include/navmenu.php"); Fisheye: Tag 5431 refers to a dead (removed) revision in file `trunk/kernel/admin/include/toolbar/configure_users.php'. Fisheye: No comparison available. Pass `N' to diff? Index: trunk/core/admin_templates/groups/groups_edit_permissions.tpl =================================================================== diff -u -r5331 -r5431 --- trunk/core/admin_templates/groups/groups_edit_permissions.tpl (.../groups_edit_permissions.tpl) (revision 5331) +++ trunk/core/admin_templates/groups/groups_edit_permissions.tpl (.../groups_edit_permissions.tpl) (revision 5431) 
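Review bot: The added `LEFT JOIN '.$cdata_table.' custom_data` is emitted for every duplicate check, even when no `cust_` key is present and even when the prefix has no `-cdata` unit. If `getUnitOption()` returns an empty value in that case (not visible here), the statement becomes `LEFT JOIN  custom_data ON ...` and fails. `getExportSQL()` in this commit only adds the join when there is custom SQL; doing the same here, by building the join string only when `$cdata_table` is non-empty and a custom key was used, would keep the two paths consistent. The unchanged `c.ParentPath LIKE "'.$parent_path.'%"` line also concatenates its value directly and could go through `$this->Conn->qstr()`. The enclosing method starts outside the hunk.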
@@ -1,4 +1,4 @@ - + Index: trunk/kernel/units/general/cat_event_handler.php =================================================================== diff -u -r5340 -r5431 --- trunk/kernel/units/general/cat_event_handler.php (.../cat_event_handler.php) (revision 5340) +++ trunk/kernel/units/general/cat_event_handler.php (.../cat_event_handler.php) (revision 5431) @@ -120,10 +120,8 @@ $ids_sql = 'SELECT '.$id_field.' FROM '.$table.' WHERE ResourceId IN (%s)'; $resource_ids_sql = 'SELECT ItemResourceId FROM '.TABLE_PREFIX.'CategoryItems WHERE CategoryId = %s AND PrimaryCat = 1'; + $object =& $this->Application->recallObject($event->Prefix.'.item', $event->Prefix, Array('skip_autoload' => true)); - $this->Application->setUnitOption($event->Prefix,'AutoLoad', false); - $object =& $this->Application->recallObject($event->Prefix.'.item', $event->Prefix); - foreach($cat_ids as $source_cat => $dest_cat) { $item_resource_ids = $this->Conn->GetCol( sprintf($resource_ids_sql, $source_cat) ); @@ -135,7 +133,7 @@ $temp =& $this->Application->recallObject($event->getPrefixSpecial().'_TempHandler', 'kTempTablesHandler'); if($item_ids) $temp->CloneItems($event->Prefix, $event->Special, $item_ids); } - $this->Application->setUnitOption($event->Prefix,'AutoLoad', true); + $this->Application->SetVar('m_cat_id', $saved_cat_id); } } Index: trunk/kernel/units/reviews/reviews_tag_processor.php =================================================================== diff -u -r5219 -r5431 --- trunk/kernel/units/reviews/reviews_tag_processor.php (.../reviews_tag_processor.php) (revision 5219) +++ trunk/kernel/units/reviews/reviews_tag_processor.php (.../reviews_tag_processor.php) (revision 5431) 
@@ -53,7 +53,7 @@ function AlreadyReviewed($params) { $user_id = ($this->Application->GetVar('u_id') == 0) ? -2 : $this->Application->GetVar('u_id'); - $object =& $this->Application->recallObject($this->getPrefixSpecial(),null,array('skip_autoload'=>1)); + $object =& $this->getObject( Array('skip_autoload' => true) ); $product_info = $object->getLinkedInfo(); $sql = ' SELECT * FROM '.TABLE_PREFIX.'SpamControl Index: trunk/kernel/admin_templates/groups/groups_edit_tabs.tpl =================================================================== diff -u -r4596 -r5431 --- trunk/kernel/admin_templates/groups/groups_edit_tabs.tpl (.../groups_edit_tabs.tpl) (revision 4596) +++ trunk/kernel/admin_templates/groups/groups_edit_tabs.tpl (.../groups_edit_tabs.tpl) (revision 5431) @@ -5,7 +5,10 @@
Index: trunk/themes/default/misc/right_login.tpl =================================================================== diff -u -r2481 -r5431 --- trunk/themes/default/misc/right_login.tpl (.../right_login.tpl) (revision 2481) +++ trunk/themes/default/misc/right_login.tpl (.../right_login.tpl) (revision 5431) @@ -34,7 +34,7 @@ : - + Index: trunk/admin/backup/restore1.php =================================================================== diff -u -r2853 -r5431 --- trunk/admin/backup/restore1.php (.../restore1.php) (revision 2853) +++ trunk/admin/backup/restore1.php (.../restore1.php) (revision 5431) @@ -6,6 +6,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:restore'); $pathtolocal = $pathtoroot."kernel/"; require_once ($pathtoroot."admin/include/elements.php"); Index: trunk/admin/backup/restore2.php =================================================================== diff -u -r3282 -r5431 --- trunk/admin/backup/restore2.php (.../restore2.php) (revision 3282) +++ trunk/admin/backup/restore2.php (.../restore2.php) (revision 5431) @@ -6,6 +6,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:restore'); $pathtolocal = $pathtoroot."kernel/"; require_once ($pathtoroot."admin/include/elements.php"); Index: trunk/admin/backup/restore3.php =================================================================== diff -u -r2853 -r5431 --- trunk/admin/backup/restore3.php (.../restore3.php) (revision 2853) +++ trunk/admin/backup/restore3.php (.../restore3.php) (revision 5431) 
@@ -6,6 +6,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:restore'); $pathtolocal = $pathtoroot."kernel/"; require_once ($pathtoroot."admin/include/elements.php"); Index: trunk/admin/backup/restore4.php =================================================================== diff -u -r2853 -r5431 --- trunk/admin/backup/restore4.php (.../restore4.php) (revision 2853) +++ trunk/admin/backup/restore4.php (.../restore4.php) (revision 5431) @@ -6,6 +6,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:restore'); $pathtolocal = $pathtoroot."kernel/"; require_once ($pathtoroot."admin/include/elements.php"); Index: trunk/admin/users/banuser.php =================================================================== diff -u -r3303 -r5431 --- trunk/admin/users/banuser.php (.../banuser.php) (revision 3303) +++ trunk/admin/users/banuser.php (.../banuser.php) (revision 5431) @@ -19,6 +19,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:user_list'); require_once ($pathtoroot.$admin."/include/elements.php"); require_once ($pathtoroot."kernel/admin/include/navmenu.php"); @@ -45,7 +46,7 @@ $objUsers->CreateEmptyEditTable("PortalUserId"); $objRelList->CreateEmptyEditTable("RelationshipId"); $objImages->CreateEmptyEditTable("ResourceId"); - $objCustomDataList->CreateEmptyEditTable("CustomDataId"); + $objCustomDataList->CreateEmptyEditTable('u'); $objUserGroupsList->CreateEmptyEditTable("PortalUserId"); } else 
@@ -71,7 +72,7 @@ $ids = $objEditItems->GetResourceIDList(); $objRelList->CopyToEditTable("SourceId",$ids); $objImages->CopyToEditTable("ResourceId",$ids); - $objCustomDataList->CopyToEditTable("ResourceId",$ids); + $objCustomDataList->CopyToEditTable('u', $ids); $objUserGroupsList->CopyToEditTable("PortalUserId", $user_ids); } Index: trunk/core/units/admin/admin_tag_processor.php =================================================================== diff -u -r5296 -r5431 --- trunk/core/units/admin/admin_tag_processor.php (.../admin_tag_processor.php) (revision 5296) +++ trunk/core/units/admin/admin_tag_processor.php (.../admin_tag_processor.php) (revision 5431) @@ -318,8 +318,8 @@ $block_params = Array('name' => $params['render_as']); ksort($section_data['children'], SORT_NUMERIC); foreach ($section_data['children'] as $priority => $section_name) { -// if (!$this->Application->CheckPermission($section_name.'.view', 1)) continue; - + if (!$this->Application->CheckPermission($section_name.'.view', 1)) continue; + $tab_data =& $sections_helper->getSectionData($section_name); $block_params['t'] = $tab_data['url']['t']; $block_params['title'] = $tab_data['label']; Index: trunk/kernel/include/category.php =================================================================== diff -u -r5254 -r5431 --- trunk/kernel/include/category.php (.../category.php) (revision 5254) +++ trunk/kernel/include/category.php (.../category.php) (revision 5431) 
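Review bot: Re-enabling `CheckPermission($section_name.'.view', 1)` in the tab loop of admin_tag_processor.php only removes the tab from the rendered list; the template named in `$tab_data['url']['t']` remains reachable by URL unless it enforces the same permission itself. That enforcement is not visible in this diff, so it is worth confirming for each child section. A short comment above the `continue`, e.g. `// hides the tab only; the target template must check the section permission as well`, would stop the filter from being read as the access control.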
@@ -2330,16 +2330,27 @@ return $dest->Get("CategoryId"); } - function Delete_Category($Id) + function Delete_Category($Id, $check_perm = false) { global $objSession; $d =& $this->GetCategory($Id); - if(is_object($d)) - { - if($d->Get("CategoryId")==$Id) - { + if (is_object($d)) { + $perm_status = true; + if ($check_perm) { + if (defined('ADVANCED_VIEW') && ADVANCED_VIEW) { + // check by this cat parent category + $check_cat = $d->Get('ParentId'); + } + else { + // check by current category + $check_cat = $this->CurrentCategoryID(); + } + $perm_status = $objSession->HasCatPermission('CATEGORY.DELETE', $check_cat); + } + + if (($d->Get("CategoryId") == $Id) && $perm_status) { $d->SendUserEventMail("CATEGORY.DELETE",$objSession->Get("PortalUserId")); $d->SendAdminEventMail("CATEGORY.DELETE"); $p =& $this->GetCategory($d->Get("ParentId")); Index: trunk/core/kernel/utility/email.php =================================================================== diff -u -r5248 -r5431 --- trunk/core/kernel/utility/email.php (.../email.php) (revision 5248) +++ trunk/core/kernel/utility/email.php (.../email.php) (revision 5431) @@ -136,8 +136,10 @@ $this->Compiled = false; } - function compileBody(){ - $search = array ( + + function convertHTMLtoPlain($text) + { + $search = Array ( "'(<\/td>.*)[\r\n]+(.*)|(<\/p>)|(<\/div>)|(<\/tr>)'i", "'(.*?)'si", @@ -158,7 +160,7 @@ "'&#(\d+);'e" ); - $replace = array ( + $replace = Array ( "\\1\t\\2", "\n", "", @@ -178,11 +180,14 @@ chr(169), "chr(\\1)" ); + return strip_tags( preg_replace ($search, $replace, $text) ); + } + + function compileBody(){ + if($this->BodyHtml){ - - - $not_html = preg_replace ($search, $replace, $this->BodyHtml); - $not_html = strip_tags($not_html); + $not_html = $this->convertHTMLtoPlain($this->BodyHtml); + // $not_html = $this->removeBlankLines($not_html); // Fixing problem with add exclamation characters "!" into the body of the email. $not_html = wordwrap($not_html, 72); 
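Review bot: Outside ADVANCED_VIEW, `Delete_Category()` tests `CATEGORY.DELETE` against `$this->CurrentCategoryID()` rather than against the category being deleted. Nothing in the hunk confirms that `$d->Get('ParentId')` is the current category, so an id posted in `catlist` that belongs elsewhere in the tree is accepted whenever the user may delete in the current one. Always checking the parent, `$check_cat = $d->Get('ParentId');`, or adding `&& $d->Get('ParentId') == $this->CurrentCategoryID()` to the condition closes that gap. `$check_perm` also defaults to `false`, so any caller not updated in this commit stays unchecked; defaulting to `true` and opting out explicitly would be the safer contract. The function body continues outside the hunk.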
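Review bot: `convertHTMLtoPlain()` in email.php carries over the `"'&#(\d+);'e"` pattern with the `"chr(\\1)"` replacement. This commit turns it into a shared helper that is also called on the footer template and on `BodyText`. The capture is digits-only, which constrains what gets evaluated, but the `e` modifier runs the replacement as PHP code and is a fragile construct to expose to more inputs. I would handle numeric entities in a separate `preg_replace_callback()` pass that returns `chr()` of the matched number and drop that entry from the `$search`/`$replace` tables. Values above 255 wrap around in `chr()`, so the callback is also the place to bound them.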
@@ -212,8 +217,7 @@ $this->IsMultipart = true; }else{ - $not_html = preg_replace ($search, $replace, $this->BodyText); - $not_html = strip_tags($not_html); + $not_html = $this->convertHTMLtoPlain($this->BodyText); // $not_html = $this->removeBlankLines($not_html); // Fixing problem with add exclamation characters "!" into the body of the email. $not_html = wordwrap($not_html, 72); Index: trunk/admin/users/adduser_groups.php =================================================================== diff -u -r3668 -r5431 --- trunk/admin/users/adduser_groups.php (.../adduser_groups.php) (revision 3668) +++ trunk/admin/users/adduser_groups.php (.../adduser_groups.php) (revision 5431) @@ -19,6 +19,7 @@ define('FULL_PATH', realpath(dirname(__FILE__) . str_repeat('/..', $relation_level) ) ); require_once FULL_PATH.'/kernel/startup.php'; // new startup: end +checkViewPermission('in-portal:user_list'); require_once ($pathtoroot.$admin."/include/elements.php"); require_once ($pathtoroot."kernel/admin/include/navmenu.php"); Index: trunk/kernel/units/stylesheets/stylesheets_event_handler.php =================================================================== diff -u -r1654 -r5431 --- trunk/kernel/units/stylesheets/stylesheets_event_handler.php (.../stylesheets_event_handler.php) (revision 1654) +++ trunk/kernel/units/stylesheets/stylesheets_event_handler.php (.../stylesheets_event_handler.php) (revision 5431) 
@@ -10,8 +10,7 @@ */ function OnCompileStylesheet(&$event) { - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); + $object =& $event->getObject( Array('skip_autoload' => true) ); $object->SwitchToLive(); $ids = explode(',', $event->MasterEvent->getEventParam('ids') ); Index: trunk/core/units/selectors/selectors_event_handler.php =================================================================== diff -u -r4685 -r5431 --- trunk/core/units/selectors/selectors_event_handler.php (.../selectors_event_handler.php) (revision 4685) +++ trunk/core/units/selectors/selectors_event_handler.php (.../selectors_event_handler.php) (revision 5431) @@ -158,8 +158,7 @@ */ function SaveChanges(&$event) { - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); + $object =& $event->getObject( Array('skip_autoload' => true) ); $items_info = $this->Application->GetVar( $event->getPrefixSpecial(true) ); if($items_info) @@ -352,8 +351,7 @@ */ function OnMassResetToBase(&$event) { - $this->Application->setUnitOption($event->Prefix,'AutoLoad',false); - $object =& $event->getObject(); + $object =& $event->getObject( Array('skip_autoload' => true) ); $items_info = $this->Application->GetVar( $event->getPrefixSpecial(true) ); if($items_info)