Overview
Comment:Don't allow rename of transactions and users files
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk | stable
Files: files | file ages | folders
SHA3-256: ae48cda34d1ed5c1a22d83f87ef5230636560f3223b2aab5787988f7e70a572e
User & Date: bohwaz on 2021-05-03 18:02:47
Other Links: manifest | tags
Context
2021-05-03
18:40
Use float instead of int as with 32 bits systems, it will max to 2 GB of disk space and cause issues. check-in: 729becbcf1 user: bohwaz tags: trunk, stable
18:02
Don't allow rename of transactions and users files check-in: ae48cda34d user: bohwaz tags: trunk, stable
2021-05-02
12:41
Don't allow rename of transactions and users files check-in: 36d8a33144 user: bohwaz tags: dev
2021-05-01
22:56
Add upgrade of plugins to plugin page check-in: 7c494dd45f user: bohwaz tags: trunk, stable
Changes

Modified src/templates/docs/index.tpl from [73085f9efc] to [8d6804db55].

    92     92   			</td>
    93     93   			{/if}
    94     94   			<th><a href="?p={$file.path}">{$file.name}</a></th>
    95     95   			<td></td>
    96     96   			<td>Répertoire</td>
    97     97   			<td></td>
    98     98   			<td class="actions">
    99         -			{if $can_write}
           99  +			{if $can_write && ($context == File::CONTEXT_SKELETON || $context == File::CONTEXT_DOCUMENTS)}
   100    100   				{linkbutton href="!common/files/rename.php?p=%s"|args:$file.path label="Renommer" shape="minus" target="_dialog"}
   101    101   			{/if}
   102    102   			{if $can_delete}
   103    103   				{linkbutton href="!common/files/delete.php?p=%s"|args:$file.path label="Supprimer" shape="delete" target="_dialog"}
   104    104   			{/if}
   105    105   			</td>
   106    106   		</tr>
................................................................................
   125    125   				{if $can_write && $file->getEditor()}
   126    126   					{linkbutton href="!common/files/edit.php?p=%s"|args:$file.path label="Modifier" shape="edit" target="_dialog" data-dialog-height="90%"}
   127    127   				{/if}
   128    128   				{if $file->canPreview()}
   129    129   					{linkbutton href="!common/files/preview.php?p=%s"|args:$file.path label="Voir" shape="eye" target="_dialog" data-mime=$file.mime}
   130    130   				{/if}
   131    131   				{linkbutton href=$file->url(true) label="Télécharger" shape="download"}
   132         -				{if $can_write}
          132  +				{if $can_write && ($context == File::CONTEXT_SKELETON || $context == File::CONTEXT_DOCUMENTS)}
   133    133   					{linkbutton href="!common/files/rename.php?p=%s"|args:$file.path label="Renommer" shape="minus" target="_dialog"}
   134    134   				{/if}
   135    135   				{if $can_delete}
   136    136   					{linkbutton href="!common/files/delete.php?p=%s"|args:$file.path label="Supprimer" shape="delete" target="_dialog"}
   137    137   				{/if}
   138    138   			</td>
   139    139   		</tr>

Modified src/www/admin/common/files/rename.php from [b9ec601421] to [7b6a31350b].

     9      9   $file = Files::get(qg('p'));
    10     10   
    11     11   if (!$file) {
    12     12   	throw new UserException('Fichier inconnu');
    13     13   }
    14     14   
    15     15   if (!$file->checkWriteAccess($session)) {
    16         -    throw new UserException('Vous n\'avez pas le droit de supprimer ce fichier.');
           16  +    throw new UserException('Vous n\'avez pas le droit de modifier ce fichier.');
    17     17   }
    18     18   
    19     19   $context = $file->context();
    20     20   
    21         -if ($context == File::CONTEXT_CONFIG || $context == File::CONTEXT_WEB) {
           21  +if ($context != File::CONTEXT_DOCUMENTS && $context != File::CONTEXT_SKELETON) {
    22     22   	throw new UserException('Vous n\'avez pas le droit de renommer ce fichier.');
    23     23   }
    24     24   
    25     25   $csrf_key = 'file_rename_' . $file->pathHash();
    26     26   
    27     27   $form->runIf('rename', function () use ($file) {
    28     28   	$file->changeFileName(f('new_name'));
    29     29   }, $csrf_key, '!');
    30     30   
    31     31   $tpl->assign(compact('file', 'csrf_key'));
    32     32   
    33     33   $tpl->display('common/files/rename.tpl');