
[Phpcompta-dev] r4320 - in phpcompta/trunk: html include


From: phpcompta-dev
Subject: [Phpcompta-dev] r4320 - in phpcompta/trunk: html include
Date: Tue, 8 Nov 2011 20:45:09 +0100 (CET)

Author: danydb
Date: 2011-11-08 20:45:07 +0100 (Tue, 08 Nov 2011)
New Revision: 4320

Removed:
   phpcompta/trunk/include/impress.inc.php
Modified:
   phpcompta/trunk/html/ajax_report.php
   phpcompta/trunk/html/show_document.php
   phpcompta/trunk/include/ac_common.php
   phpcompta/trunk/include/action.inc.php
   phpcompta/trunk/include/adm.inc.php
   phpcompta/trunk/include/balance.inc.php
   phpcompta/trunk/include/company.inc.php
   phpcompta/trunk/include/export_balance_pdf.php
   phpcompta/trunk/include/export_fiche_balance_pdf.php
   phpcompta/trunk/include/export_fiche_pdf.php
   phpcompta/trunk/include/export_gl_pdf.php
   phpcompta/trunk/include/export_ledger_csv.php
   phpcompta/trunk/include/export_ledger_pdf.php
   phpcompta/trunk/include/export_poste_detail.php
   phpcompta/trunk/include/export_security_pdf.php
   phpcompta/trunk/include/opening.inc.php
   phpcompta/trunk/include/param_pcmn.inc.php
   phpcompta/trunk/include/preod.inc.php
   phpcompta/trunk/include/report.inc.php
   phpcompta/trunk/include/suivi_adm.inc.php
   phpcompta/trunk/include/suivi_supplier.inc.php
   phpcompta/trunk/include/supplier.inc.php
Log:
Security remove all $user->can_request except for extension

Modified: phpcompta/trunk/html/ajax_report.php
===================================================================
--- phpcompta/trunk/html/ajax_report.php        2011-11-08 19:18:14 UTC (rev 
4319)
+++ phpcompta/trunk/html/ajax_report.php        2011-11-08 19:45:07 UTC (rev 
4320)
@@ -44,7 +44,6 @@
 $User=new User($cn);
 $User->Check();
 $User->check_dossier(dossier::id());
-$User->can_request('PARRAP',0);
 
 
 

Modified: phpcompta/trunk/html/show_document.php
===================================================================
--- phpcompta/trunk/html/show_document.php      2011-11-08 19:18:14 UTC (rev 
4319)
+++ phpcompta/trunk/html/show_document.php      2011-11-08 19:45:07 UTC (rev 
4320)
@@ -35,7 +35,6 @@
 $User=new User(new Database());
 $User->Check();
 $User->check_dossier($gDossier);
-$User->can_request(GECOUR);
 /* Show the document */
 if ( $action == 'sh')
 {

Modified: phpcompta/trunk/include/ac_common.php
===================================================================
--- phpcompta/trunk/include/ac_common.php       2011-11-08 19:18:14 UTC (rev 
4319)
+++ phpcompta/trunk/include/ac_common.php       2011-11-08 19:45:07 UTC (rev 
4320)
@@ -766,7 +766,10 @@
                $array=compute_variable($file[0]['me_parameter']);
                put_global($array);
            }
-           require_once $file[0]['me_file'];
+               if ( $file[0]['me_type'] != 'PL')
+                       require_once $file[0]['me_file'];
+               else
+                       require 'extension_get.inc.php';
            exit();
        }
        if ( $file[0]['me_javascript'] != '')
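Review bot: The new `if`/`else` around the include is unbraced and indented differently from the lines around it, so it is easy to misread which statement the following `exit()` belongs to; I would brace both branches, `if ( $file[0]['me_type'] != 'PL') { require_once $file[0]['me_file']; } else { require 'extension_get.inc.php'; }`. Because the other hunks in this revision drop the per-page `can_request()` calls, this dispatch appears to become the place where access to a menu entry is decided. A comment here should name the check that authorises the entry (presumably performed earlier, outside the hunk) and state that `me_file` can only hold known include names. The scripts that build their own `$User` (the `html/` pages and the `export_*.php` files, notably `export_security_pdf.php`, whose visible context keeps no `Check()` call after the removal) should be confirmed to be reachable only behind an equivalent check. The enclosing function starts and ends outside the hunk.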

Modified: phpcompta/trunk/include/action.inc.php
===================================================================
--- phpcompta/trunk/include/action.inc.php      2011-11-08 19:18:14 UTC (rev 
4319)
+++ phpcompta/trunk/include/action.inc.php      2011-11-08 19:45:07 UTC (rev 
4320)
@@ -23,7 +23,6 @@
  */
 require_once('class_ipopup.php');
 global $g_user;
-$g_user->can_request(GECOUR);
 
 
$retour=HtmlInput::button_anchor(_('Retour'),'?ac='.$_REQUEST['ac'].'&my_action&'.dossier::get());
 //-----------------------------------------------------

Modified: phpcompta/trunk/include/adm.inc.php
===================================================================
--- phpcompta/trunk/include/adm.inc.php 2011-11-08 19:18:14 UTC (rev 4319)
+++ phpcompta/trunk/include/adm.inc.php 2011-11-08 19:45:07 UTC (rev 4320)
@@ -38,7 +38,6 @@
 /*! \file
  * \brief Called from the module "Gestion" to manage the customer
  */
-$g_user->can_request(GECUST);
 $href=basename($_SERVER['PHP_SELF']);
 
 // by default open liste

Modified: phpcompta/trunk/include/balance.inc.php
===================================================================
--- phpcompta/trunk/include/balance.inc.php     2011-11-08 19:18:14 UTC (rev 
4319)
+++ phpcompta/trunk/include/balance.inc.php     2011-11-08 19:45:07 UTC (rev 
4320)
@@ -36,7 +36,6 @@
 require_once('class_exercice.php');
 global $g_user;
 $gDossier=dossier::id();
-$g_user->can_request(IMPBAL);
 $exercice=(isset($_GET['exercice']))?$_GET['exercice']:$g_user->get_exercice();
 
 

Modified: phpcompta/trunk/include/company.inc.php
===================================================================
--- phpcompta/trunk/include/company.inc.php     2011-11-08 19:18:14 UTC (rev 
4319)
+++ phpcompta/trunk/include/company.inc.php     2011-11-08 19:45:07 UTC (rev 
4320)
@@ -1,6 +1,5 @@
 <?php
 global $g_user;
- $g_user->can_request(PARCOORD,1);
     echo '<div class="content">';
     require_once("class_own.php");
     if ( isset ($_POST['record_company'] ))

Modified: phpcompta/trunk/include/export_balance_pdf.php
===================================================================
--- phpcompta/trunk/include/export_balance_pdf.php      2011-11-08 19:18:14 UTC 
(rev 4319)
+++ phpcompta/trunk/include/export_balance_pdf.php      2011-11-08 19:45:07 UTC 
(rev 4320)
@@ -46,7 +46,6 @@
 $User->Check();
 
 $bal=new Acc_Balance($cn);
-$User->can_request(IMPBAL,1);
 
 extract ($_GET);
 $bal->jrn=null;
@@ -126,12 +125,12 @@
        /*
         * level x
         */
-       if ( $value['poste']=='') continue;     
+       if ( $value['poste']=='') continue;
        foreach (array(3,2,1) as $ind)
-         {     
+         {
            $r=$value;
            if ( ! isset($_GET['lvl'.$ind]))continue;
-           
+
            if (${'lvl'.$ind.'_old'} == '')       
${'lvl'.$ind.'_old'}=substr($r['poste'],0,$ind);
            if ( ${'lvl'.$ind.'_old'} != substr($r['poste'],0,$ind))
              {
@@ -157,7 +156,7 @@
            $nlvl2[$a]=bcadd($nlvl2[$a],$r[$a]);
            $nlvl3[$a]=bcadd($nlvl3[$a],$r[$a]);
          }
-       
+
        if ( $i % 2 == 0 )
          {
            $pdf->SetFillColor(220,221,255);
@@ -168,7 +167,7 @@
            $pdf->SetFillColor(0,0,0);
            $fill=0;
          }
-       
+
        $pdf->Cell(30,6,$value['poste'],0,0,'L',$fill);
        $pdf->Cell(80,6,$value['label'],0,0,'L',$fill);
        $pdf->Cell(20,6,nbm($value['sum_deb']),0,0,'R',$fill);
@@ -183,10 +182,10 @@
 
       }
     foreach (array(3,2,1) as $ind)
-      {        
+      {
        $r=$value;
        if ( ! isset($_GET['lvl'.$ind]))continue;
-       
+
        if (${'lvl'.$ind.'_old'} == '')   
${'lvl'.$ind.'_old'}=substr($r['poste'],0,$ind);
        if ( ${'lvl'.$ind.'_old'} != substr($r['poste'],0,$ind))
          {
@@ -206,7 +205,7 @@
              }
          }
       }
-    
+
     // Totaux
     $pdf->SetFont('DejaVuCond','B',8);
     $pdf->Cell(110,6,'Totaux');

Modified: phpcompta/trunk/include/export_fiche_balance_pdf.php
===================================================================
--- phpcompta/trunk/include/export_fiche_balance_pdf.php        2011-11-08 
19:18:14 UTC (rev 4319)
+++ phpcompta/trunk/include/export_fiche_balance_pdf.php        2011-11-08 
19:45:07 UTC (rev 4320)
@@ -39,7 +39,6 @@
 $User=new User($cn);
 $User->Check();
 $User->check_dossier($gDossier);
-$User->can_request(IMPFIC,0);
 
 $pdf=new PDF($cn);
 $pdf->setDossierInfo("  Periode : ".$_GET['start']." - ".$_GET['end']);

Modified: phpcompta/trunk/include/export_fiche_pdf.php
===================================================================
--- phpcompta/trunk/include/export_fiche_pdf.php        2011-11-08 19:18:14 UTC 
(rev 4319)
+++ phpcompta/trunk/include/export_fiche_pdf.php        2011-11-08 19:45:07 UTC 
(rev 4320)
@@ -39,7 +39,6 @@
 $User=new User($cn);
 $User->Check();
 $User->check_dossier($gDossier);
-$User->can_request(IMPFIC,0);
 
 $pdf=new PDF($cn);
 $pdf->setDossierInfo("  Periode : ".$_GET['start']." - ".$_GET['end']);

Modified: phpcompta/trunk/include/export_gl_pdf.php
===================================================================
--- phpcompta/trunk/include/export_gl_pdf.php   2011-11-08 19:18:14 UTC (rev 
4319)
+++ phpcompta/trunk/include/export_gl_pdf.php   2011-11-08 19:45:07 UTC (rev 
4320)
@@ -41,13 +41,12 @@
 $User=new User($cn);
 $User->Check();
 $User->check_dossier($gDossier);
-$User->can_request(IMPBIL,0);
 
 $sql="select pcm_val from tmp_pcmn ";
 
 extract($_GET);
 $cond_poste="";
-if ($from_poste != '') 
+if ($from_poste != '')
   {
     $cond_poste = '  where ';
     $cond_poste .=' pcm_val >= upper 
(\''.Database::escape_string($from_poste).'\')';
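Review bot: `extract($_GET);` runs after `$User`, `$cn`, `$gDossier` and `$sql` are already in scope, and with the default overwrite behaviour a request parameter of the same name replaces them; with `can_request(IMPBIL,0)` removed, nothing but the dossier check stands in front of it. I would read only the parameters this script uses, e.g. `$from_poste=(isset($_GET['from_poste']))?$_GET['from_poste']:'';` and the same for `$to_poste`, or at minimum call `extract($_GET, EXTR_SKIP);`. The same `extract ($_GET);` sits directly under the removed check in the first hunk of export_balance_pdf.php. The script continues outside the hunk, so any other variable it takes from the query string would need the same explicit read.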
@@ -55,7 +54,7 @@
 
 if ( $to_poste != '')
   {
-    if  ( $cond_poste == '') 
+    if  ( $cond_poste == '')
       {
        $cond_poste =  ' where pcm_val <= upper 
(\''.Database::escape_string($to_poste).'\')';
       }

Modified: phpcompta/trunk/include/export_ledger_csv.php
===================================================================
--- phpcompta/trunk/include/export_ledger_csv.php       2011-11-08 19:18:14 UTC 
(rev 4319)
+++ phpcompta/trunk/include/export_ledger_csv.php       2011-11-08 19:45:07 UTC 
(rev 4320)
@@ -39,7 +39,6 @@
 require_once ('class_user.php');
 $User=new User($cn);
 $User->Check();
-$User->can_request(IMPJRN,0);
 $User->check_dossier($gDossier);
 
 if ($_GET['jrn_id']!=0 &&  $User->check_jrn($_GET['jrn_id']) =='X')

Modified: phpcompta/trunk/include/export_ledger_pdf.php
===================================================================
--- phpcompta/trunk/include/export_ledger_pdf.php       2011-11-08 19:18:14 UTC 
(rev 4319)
+++ phpcompta/trunk/include/export_ledger_pdf.php       2011-11-08 19:45:07 UTC 
(rev 4320)
@@ -55,7 +55,6 @@
 $User=new User($cn);
 $User->Check();
 $User->check_dossier($gDossier);
-$User->can_request(IMPJRN,0);
 
 // Security
 if ( $_GET['jrn_id']!=0 &&  $User->check_jrn($_GET['jrn_id']) == 'X' )

Modified: phpcompta/trunk/include/export_poste_detail.php
===================================================================
--- phpcompta/trunk/include/export_poste_detail.php     2011-11-08 19:18:14 UTC 
(rev 4319)
+++ phpcompta/trunk/include/export_poste_detail.php     2011-11-08 19:45:07 UTC 
(rev 4320)
@@ -40,7 +40,6 @@
 $User=new User($cn);
 $User->Check();
 $User->check_dossier($gDossier);
-$User->can_request(IMPPOSTE,0);
 
 if ( isset ( $_REQUEST['poste_fille']) )
 { //choisit de voir tous les postes

Modified: phpcompta/trunk/include/export_security_pdf.php
===================================================================
--- phpcompta/trunk/include/export_security_pdf.php     2011-11-08 19:18:14 UTC 
(rev 4319)
+++ phpcompta/trunk/include/export_security_pdf.php     2011-11-08 19:45:07 UTC 
(rev 4320)
@@ -36,8 +36,6 @@
 $rep=new Database();
 include_once ("class_user.php");
 $User=new User($rep);
-// Check Priv
-$User->can_request(PARSEC,1);
 
 //-----------------------------------------------------
 // Get User's info
@@ -128,7 +126,7 @@
         break;
     case 'O':
         /**
-         *non implemente 
+         *non implemente
          */
         $pdf->Cell(30,6,"Opérations prédéfinies uniquement");
         break;

Deleted: phpcompta/trunk/include/impress.inc.php
===================================================================
--- phpcompta/trunk/include/impress.inc.php     2011-11-08 19:18:14 UTC (rev 
4319)
+++ phpcompta/trunk/include/impress.inc.php     2011-11-08 19:45:07 UTC (rev 
4320)
@@ -1,94 +0,0 @@
-<?php
-/*
- *   This file is part of PhpCompta.
- *
- *   PhpCompta is free software; you can redistribute it and/or modify
- *   it under the terms of the GNU General Public License as published by
- *   the Free Software Foundation; either version 2 of the License, or
- *   (at your option) any later version.
- *
- *   PhpCompta is distributed in the hope that it will be useful,
- *   but WITHOUT ANY WARRANTY; without even the implied warranty of
- *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *   GNU General Public License for more details.
- *
- *   You should have received a copy of the GNU General Public License
- *   along with PhpCompta; if not, write to the Free Software
- *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-*/
-// Copyright Author Dany De Bontridder address@hidden
-
-/* $Revision$ */
-
-/*! \file
- * \brief Main page for the printing
- */
-$str_dossier=dossier::get();
-// show sub menu
-
-echo "<DIV class=\"lmenu\">";
-
-$p_array=array(array 
("?p_action=impress&type=jrn&".$str_dossier,_("Historique")),
-               
array("?p_action=impress&type=gl_comptes&".$str_dossier,_("Grand Livre")), /* 
AG */
-               array("?p_action=impress&type=poste&".$str_dossier,_("Poste")),
-               array("?p_action=impress&type=fiche&".$str_dossier,_("Catégorie 
de fiche")),
-               
array("?p_action=impress&type=rapport&".$str_dossier,_("Rapport")),
-               
array("?p_action=impress&type=rec&".$str_dossier,_("Rapprochement")),
-               array('?p_action=impress&type=bal&'.$str_dossier,_('Balance des 
comptes')),
-               array("?p_action=impress&type=bilan&".$str_dossier,_("Bilan"))
-              );
-$default=( isset 
($_GET['type']))?"?p_action=impress&type=".$_GET['type']."&$str_dossier":"";
-
-
-$result=ShowItem($p_array,'H',"mtitle","mtitle",$default,' ');
-echo $result;
-
-echo "</DIV>";
-$cn=new Database($gDossier);
-
-
-include_once("impress_inc.php");
-
-
-// something is choosen
-$default=( isset ($_REQUEST['type']))?$_REQUEST['type']:"";
-switch ($default)
-{
-case 'rec':
-    $User->can_request(IMPJRN,1);
-    require_once ("impress_rec.inc.php");
-    break;
-case "jrn":
-    $User->can_request(IMPJRN,1);
-    require_once ("impress_jrn.inc.php");
-    break;
-case "poste":
-    $User->can_request(IMPPOSTE,1);
-    require_once ("impress_poste.inc.php");
-    break;
-case "rapport":
-    $User->can_request(IMPRAP,1);
-    require_once ("impress_rapport.inc.php");
-    break;
-case "bilan":
-    $User->can_request(IMPBIL,1);
-    require_once ("impress_bilan.inc.php");
-    break;
-case "gl_comptes": /* AG */
-    $User->can_request(IMPBIL,1);
-    require_once ("impress_gl_comptes.inc.php");
-    break;
-
-case "bal":
-    $User->can_request(IMPBAL,1);
-    require_once ("balance.inc.php");
-    break;
-case "fiche":
-    $User->can_request(IMPFIC,1);
-    require_once ("impress_fiche.inc.php");
-    break;
-
-}
-
-html_page_stop();
-?>

Modified: phpcompta/trunk/include/opening.inc.php
===================================================================
--- phpcompta/trunk/include/opening.inc.php     2011-11-08 19:18:14 UTC (rev 
4319)
+++ phpcompta/trunk/include/opening.inc.php     2011-11-08 19:45:07 UTC (rev 
4320)
@@ -28,7 +28,6 @@
 $sa=(isset($_REQUEST['sa']))?$_REQUEST['sa']:'';
 $User=new User(new Database(dossier::id()));
 $User->Check();
-$User->can_request(PAREO,1);
 require_once("class_iselect.php");
 require_once('class_acc_ledger.php');
 /* --------------------------------------------------

Modified: phpcompta/trunk/include/param_pcmn.inc.php
===================================================================
--- phpcompta/trunk/include/param_pcmn.inc.php  2011-11-08 19:18:14 UTC (rev 
4319)
+++ phpcompta/trunk/include/param_pcmn.inc.php  2011-11-08 19:45:07 UTC (rev 
4320)
@@ -84,7 +84,6 @@
 echo '<div class="u_subtmenu">';
 
 echo '</div>';
-$User->can_request(PARPCMN);
 
 
 echo '<div class="lmenu">';

Modified: phpcompta/trunk/include/preod.inc.php
===================================================================
--- phpcompta/trunk/include/preod.inc.php       2011-11-08 19:18:14 UTC (rev 
4319)
+++ phpcompta/trunk/include/preod.inc.php       2011-11-08 19:45:07 UTC (rev 
4320)
@@ -30,7 +30,6 @@
 require_once('ac_common.php');
 require_once('class_pre_operation.php');
 $user=new User(new Database(dossier::id()));
-$user->can_request(PARPREDE,1);
 echo '<div class="content">';
 echo '<form method="GET">';
 $sel=new ISelect();

Modified: phpcompta/trunk/include/report.inc.php
===================================================================
--- phpcompta/trunk/include/report.inc.php      2011-11-08 19:18:14 UTC (rev 
4319)
+++ phpcompta/trunk/include/report.inc.php      2011-11-08 19:45:07 UTC (rev 
4320)
@@ -14,7 +14,7 @@
  *
  *   You should have received a copy of the GNU General Public License
  *   along with PhpCompta; if not, write to the Free Software
- 
+
 */
 /* $Revision$ */
 // Copyright Author Dany De Bontridder address@hidden
@@ -51,7 +51,6 @@
 
 $User=new User($rep);
 $User->Check();
-$User->can_request(PARRAP,1);
 
 
 $cn=new Database($gDossier);

Modified: phpcompta/trunk/include/suivi_adm.inc.php
===================================================================
--- phpcompta/trunk/include/suivi_adm.inc.php   2011-11-08 19:18:14 UTC (rev 
4319)
+++ phpcompta/trunk/include/suivi_adm.inc.php   2011-11-08 19:45:07 UTC (rev 
4320)
@@ -28,7 +28,6 @@
  *  - $cn = database connection
  */
 require_once('class_follow_up.php');
-$g_user->can_request(GECOUR);
 
 /**
  *\note fix problem with ShowActionList, this function is local

Modified: phpcompta/trunk/include/suivi_supplier.inc.php
===================================================================
--- phpcompta/trunk/include/suivi_supplier.inc.php      2011-11-08 19:18:14 UTC 
(rev 4319)
+++ phpcompta/trunk/include/suivi_supplier.inc.php      2011-11-08 19:45:07 UTC 
(rev 4320)
@@ -28,7 +28,6 @@
  *  - $cn = database connection
  */
 require_once('class_follow_up.php');
-$g_user->can_request(GECOUR);
 
 /**
  *\note problem with ShowActionList, this function is local

Modified: phpcompta/trunk/include/supplier.inc.php
===================================================================
--- phpcompta/trunk/include/supplier.inc.php    2011-11-08 19:18:14 UTC (rev 
4319)
+++ phpcompta/trunk/include/supplier.inc.php    2011-11-08 19:45:07 UTC (rev 
4320)
@@ -36,7 +36,6 @@
 /*! \file
  * \brief Called from the module "Gestion" to manage the supplier
  */
-$g_user->can_request(GECUST);
 $href=basename($_SERVER['PHP_SELF']);
 
 // by default open liste



