Overview
Comment:Don't allow rename of transactions and users files
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk | stable
Files: files | file ages | folders
SHA3-256: ae48cda34d1ed5c1a22d83f87ef5230636560f3223b2aab5787988f7e70a572e
User & Date: bohwaz on 2021-05-03 18:02:47
Other Links: manifest | tags
Context
2021-05-03
18:40
Use float instead of int as with 32 bits systems, it will max to 2 GB of disk space and cause issues. check-in: 729becbcf1 user: bohwaz tags: trunk, stable
18:02
Don't allow rename of transactions and users files check-in: ae48cda34d user: bohwaz tags: trunk, stable
2021-05-02
12:41
Don't allow rename of transactions and users files check-in: 36d8a33144 user: bohwaz tags: dev
2021-05-01
22:56
Add upgrade of plugins to plugin page check-in: 7c494dd45f user: bohwaz tags: trunk, stable
Changes

Modified src/templates/docs/index.tpl from [73085f9efc] to [8d6804db55].

92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
...
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
			</td>
			{/if}
			<th><a href="?p={$file.path}">{$file.name}</a></th>
			<td></td>
			<td>Répertoire</td>
			<td></td>
			<td class="actions">
			{if $can_write}
				{linkbutton href="!common/files/rename.php?p=%s"|args:$file.path label="Renommer" shape="minus" target="_dialog"}
			{/if}
			{if $can_delete}
				{linkbutton href="!common/files/delete.php?p=%s"|args:$file.path label="Supprimer" shape="delete" target="_dialog"}
			{/if}
			</td>
		</tr>
................................................................................
				{if $can_write && $file->getEditor()}
					{linkbutton href="!common/files/edit.php?p=%s"|args:$file.path label="Modifier" shape="edit" target="_dialog" data-dialog-height="90%"}
				{/if}
				{if $file->canPreview()}
					{linkbutton href="!common/files/preview.php?p=%s"|args:$file.path label="Voir" shape="eye" target="_dialog" data-mime=$file.mime}
				{/if}
				{linkbutton href=$file->url(true) label="Télécharger" shape="download"}
				{if $can_write}
					{linkbutton href="!common/files/rename.php?p=%s"|args:$file.path label="Renommer" shape="minus" target="_dialog"}
				{/if}
				{if $can_delete}
					{linkbutton href="!common/files/delete.php?p=%s"|args:$file.path label="Supprimer" shape="delete" target="_dialog"}
				{/if}
			</td>
		</tr>







|







 







|







92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
...
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
			</td>
			{/if}
			<th><a href="?p={$file.path}">{$file.name}</a></th>
			<td></td>
			<td>Répertoire</td>
			<td></td>
			<td class="actions">
			{if $can_write && ($context == File::CONTEXT_SKELETON || $context == File::CONTEXT_DOCUMENTS)}
				{linkbutton href="!common/files/rename.php?p=%s"|args:$file.path label="Renommer" shape="minus" target="_dialog"}
			{/if}
			{if $can_delete}
				{linkbutton href="!common/files/delete.php?p=%s"|args:$file.path label="Supprimer" shape="delete" target="_dialog"}
			{/if}
			</td>
		</tr>
................................................................................
				{if $can_write && $file->getEditor()}
					{linkbutton href="!common/files/edit.php?p=%s"|args:$file.path label="Modifier" shape="edit" target="_dialog" data-dialog-height="90%"}
				{/if}
				{if $file->canPreview()}
					{linkbutton href="!common/files/preview.php?p=%s"|args:$file.path label="Voir" shape="eye" target="_dialog" data-mime=$file.mime}
				{/if}
				{linkbutton href=$file->url(true) label="Télécharger" shape="download"}
				{if $can_write && ($context == File::CONTEXT_SKELETON || $context == File::CONTEXT_DOCUMENTS)}
					{linkbutton href="!common/files/rename.php?p=%s"|args:$file.path label="Renommer" shape="minus" target="_dialog"}
				{/if}
				{if $can_delete}
					{linkbutton href="!common/files/delete.php?p=%s"|args:$file.path label="Supprimer" shape="delete" target="_dialog"}
				{/if}
			</td>
		</tr>

Modified src/www/admin/common/files/rename.php from [b9ec601421] to [7b6a31350b].

9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
$file = Files::get(qg('p'));

if (!$file) {
	throw new UserException('Fichier inconnu');
}

if (!$file->checkWriteAccess($session)) {
    throw new UserException('Vous n\'avez pas le droit de supprimer ce fichier.');
}

$context = $file->context();

if ($context == File::CONTEXT_CONFIG || $context == File::CONTEXT_WEB) {
	throw new UserException('Vous n\'avez pas le droit de renommer ce fichier.');
}

$csrf_key = 'file_rename_' . $file->pathHash();

$form->runIf('rename', function () use ($file) {
	$file->changeFileName(f('new_name'));
}, $csrf_key, '!');

$tpl->assign(compact('file', 'csrf_key'));

$tpl->display('common/files/rename.tpl');







|




|












9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
$file = Files::get(qg('p'));

if (!$file) {
	throw new UserException('Fichier inconnu');
}

if (!$file->checkWriteAccess($session)) {
    throw new UserException('Vous n\'avez pas le droit de modifier ce fichier.');
}

$context = $file->context();

if ($context != File::CONTEXT_DOCUMENTS && $context != File::CONTEXT_SKELETON) {
	throw new UserException('Vous n\'avez pas le droit de renommer ce fichier.');
}

$csrf_key = 'file_rename_' . $file->pathHash();

$form->runIf('rename', function () use ($file) {
	$file->changeFileName(f('new_name'));
}, $csrf_key, '!');

$tpl->assign(compact('file', 'csrf_key'));

$tpl->display('common/files/rename.tpl');