phpgroupware-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Phpgroupware-cvs] api class.msgbox.php, 1.1.1.1, 1.1.1.1.2.1 class.setu


From: Dan Kuykendall <address@hidden>
Subject: [Phpgroupware-cvs] api class.msgbox.php, 1.1.1.1, 1.1.1.1.2.1 class.setup.php, 1.1.1.1, 1.1.1.1.2.1 core_functions.inc.php, 1.1.1.1, 1.1.1.1.2.1
Date: Thu, 23 Oct 2003 20:27:55 +0000

Update of /cvsroot/phpgroupware/api
In directory subversions:/tmp/cvs-serv11420/api

Modified Files:
      Tag: proposal-branch
        class.msgbox.php class.setup.php core_functions.inc.php 
Log Message:
fixed default rights to block even admin from being able to execute random 
functions from the api, using the op

Index: core_functions.inc.php
===================================================================
RCS file: /cvsroot/phpgroupware/api/core_functions.inc.php,v
retrieving revision 1.1.1.1
retrieving revision 1.1.1.1.2.1
diff -C2 -d -r1.1.1.1 -r1.1.1.1.2.1
*** core_functions.inc.php      23 Oct 2003 07:25:02 -0000      1.1.1.1
--- core_functions.inc.php      23 Oct 2003 20:27:53 -0000      1.1.1.1.2.1
***************
*** 33,36 ****
--- 33,84 ----
         */
  
+       function phpgw_error_trap ($errno, $errstr, $errfile = '', $errline = 
'')
+       {
+               switch ($errno)
+               {
+                       case E_COMPILE_ERROR:
+                 case E_PARSE:
+                               $type = 'fatal';
+                               break;
+                 case E_CORE_ERROR:
+                 case E_COMPILE_ERROR:
+                 case E_USER_ERROR:
+                 case E_ERROR:
+                               $type = 'error';
+                               break;
+                 case E_WARNING:
+                               break;
+                 case E_CORE_WARNING:
+                 case E_USER_WARNING:
+                               $type = 'warning';
+                               break;
+                 case E_NOTICE:
+                               break;
+                 case E_USER_NOTICE:
+                               $type = 'notice';
+                               break;
+                 default:
+                               $type = 'unknown';
+               }
+               if(isset($type))
+               {
+                       if(is_object($GLOBALS['msgbox']))
+                       {
+                               $GLOBALS['msgbox']->add(strtoupper($type).': 
['.$errno.'] '.$errstr,$errline,$errfile, $type);
+                       }
+                       else
+                       {
+                               echo "<b>".strtoupper($type)."</b>: [$errno] 
$errstr<br />\n";
+                               if($type == 'fatal')
+                               {
+                                       echo "Error in line $errline of file 
$errfile<br />\n";
+                                       exit(1);
+                               }
+                       }
+               }
+       }
+ 
+       set_error_handler('phpgw_error_trap');
+ 
        function createobject($class, $inputs='##NOTSET##', $silent = False)
        {

Index: class.setup.php
===================================================================
RCS file: /cvsroot/phpgroupware/api/class.setup.php,v
retrieving revision 1.1.1.1
retrieving revision 1.1.1.1.2.1
diff -C2 -d -r1.1.1.1 -r1.1.1.1.2.1
*** class.setup.php     23 Oct 2003 07:25:02 -0000      1.1.1.1
--- class.setup.php     23 Oct 2003 20:27:53 -0000      1.1.1.1.2.1
***************
*** 425,430 ****
--- 425,436 ----
                                $admin_id = 
$accounts->create($admin_account_info);
  
+                               $all_acl = createobject('api_acl', 
array('account_id'=>0));
+                               $all_acl->add('api',63,1);
+                               
                                $admin_acl = createobject('api_acl', 
array('account_id'=>$admin_id));
                                $admin_acl->add('.',63);
+                               $admin_acl->add('api.base',63);
+                               $admin_acl->add('api.setup',63);
+                               $admin_acl->add('api.admin',63);
  
                                $this->install_log['text'] = 'Admin account 
'.$args['admin_lid'].' was created.';

Index: class.msgbox.php
===================================================================
RCS file: /cvsroot/phpgroupware/api/class.msgbox.php,v
retrieving revision 1.1.1.1
retrieving revision 1.1.1.1.2.1
diff -C2 -d -r1.1.1.1 -r1.1.1.1.2.1
*** class.msgbox.php    23 Oct 2003 07:25:01 -0000      1.1.1.1
--- class.msgbox.php    23 Oct 2003 20:27:53 -0000      1.1.1.1.2.1
***************
*** 46,49 ****
--- 46,50 ----
                        $this->data[] = $args;
                        */
+                       $text = htmlentities($text);
                        switch ($type)
                        {
***************
*** 55,63 ****
                                case 'debug':
                                case 'fataldebug':
!                                       ob_start();
!                                       htmlentities(print_r($debug_data));
!                                       $ret_str = ob_get_contents();
!                                       ob_end_clean();
!                                       $this->data[] = array('text'=>$text, 
'line'=>$line, 'file'=>$file, 'type'=>'debug', 'debug_data'=>$ret_str);
                                        if($type == 'fataldebug')
                                        {
--- 56,68 ----
                                case 'debug':
                                case 'fataldebug':
!                                       if(is_array($debug_data) || 
is_object($debug_data))
!                                       {
!                                               ob_start();
!                                               print_r($debug_data);
!                                               $debug_data = ob_get_contents();
!                                               ob_end_clean();
!                                       }
!                                       $debug_data = htmlentities($debug_data);
!                                       $this->data[] = array('text'=>$text, 
'line'=>$line, 'file'=>$file, 'type'=>'debug', 'debug_data'=>$debug_data);
                                        if($type == 'fataldebug')
                                        {





reply via email to

[Prev in Thread] Current Thread [Next in Thread]