Commit 8d0546bc authored by Dries's avatar Dries

- Made the search result of node.module context sensitive: it will only
  link to the admin pages if you searched from within the admin pages.

- Added checks for "post content" permission (reported by Natrak).
parent 297a5b01
......@@ -49,11 +49,11 @@ function node_perm() {
}
function node_search($keys) {
global $user;
global $PHP_SELF;
$result = db_query("SELECT n.nid, n.title, n.created, u.uid, u.name FROM node n LEFT JOIN users u ON n.uid = u.uid WHERE n.status = 1 AND (n.title LIKE '%$keys%' OR n.teaser LIKE '%$keys%' OR n.body LIKE '%$keys%') ORDER BY n.created DESC LIMIT 20");
while ($node = db_fetch_object($result)) {
$find[$i++] = array("title" => check_output($node->title), "link" => (user_access("administer nodes") ? "admin.php?mod=node&type=node&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->name, "date" => $node->created);
$find[$i++] = array("title" => check_output($node->title), "link" => (strstr($PHP_SELF, "admin.php") ? "admin.php?mod=node&type=node&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->name, "date" => $node->created);
}
return $find;
......@@ -134,7 +134,7 @@ function node_link($type, $node = 0, $main = 0) {
$links[] = "<a href=\"admin.php?mod=node\">content management</a>";
}
if ($type == "page") {
if ($type == "page" && user_access("post content")) {
$links[] = "<a href=\"module.php?mod=node&op=add\">submit</a>";
}
......@@ -743,96 +743,102 @@ function node_preview($edit) {
function node_submit($node) {
global $user;
/*
** Verify a user's submission rate and avoid duplicate nodes being
** inserted:
*/
throttle("node", variable_get("max_node_rate", 900));
/*
** Fixup the node when required:
*/
if (user_access("post content")) {
$node = node_validate($node);
/*
** Verify a user's submission rate and avoid duplicate nodes being
** inserted:
*/
/*
** Apply the filters:
*/
throttle("node", variable_get("max_node_rate", 900));
$node->teaser = filter($node->teaser);
$node->title = filter($node->title);
$node->body = filter($node->body);
/*
** Fixup the node when required:
*/
/*
** Create a new revision when required:
*/
$node = node_validate($node);
$node = node_revision_create($node);
/*
** Apply the filters:
*/
if ($node->nid) {
$node->teaser = filter($node->teaser);
$node->title = filter($node->title);
$node->body = filter($node->body);
/*
** Check whether the current user has the proper access rights to
** perform this operation:
** Create a new revision when required:
*/
if (node_access("update", $node)) {
$node = node_revision_create($node);
if ($node->nid) {
/*
** Compile a list of the node fields and their default values that users
** and administrators are allowed to save when updating a node.
** Check whether the current user has the proper access rights to
** perform this operation:
*/
if (user_access("administer nodes")) {
$fields = array("nid", "uid", "body", "comment", "created", "promote", "moderate", "revisions", "status", "teaser", "title", "type" => $node->type);
if (node_access("update", $node)) {
/*
** Compile a list of the node fields and their default values that users
** and administrators are allowed to save when updating a node.
*/
if (user_access("administer nodes")) {
$fields = array("nid", "uid", "body", "comment", "created", "promote", "moderate", "revisions", "status", "teaser", "title", "type" => $node->type);
}
else {
$fields = array("nid", "uid" => $user->uid, "body", "teaser", "title", "type" => $node->type);
}
node_save($node, array_merge($fields, module_invoke($node->type, "save", "update", $node)));
watchdog("special", "$node->type: updated '$node->title'");
$output = t("The node has been updated.");
}
else {
$fields = array("nid", "uid" => $user->uid, "body", "teaser", "title", "type" => $node->type);
watchdog("warning", "$node->type: not authorized to update node");
$output = t("You are not authorized to update this node.");
}
node_save($node, array_merge($fields, module_invoke($node->type, "save", "update", $node)));
watchdog("special", "$node->type: updated '$node->title'");
$output = t("The node has been updated.");
}
else {
watchdog("warning", "$node->type: not authorized to update node");
$output = t("You are not authorized to update this node.");
}
}
else {
/*
** Check whether the current user has the proper access rights to
** perform this operation:
*/
/*
** Check whether the current user has the proper access rights to
** perform this operation:
*/
if (node_access("create", $node)) {
if (node_access("create", $node)) {
/*
** Compile a list of the node fields and their default values that users
** and administrators are allowed to save when inserting a new node.
*/
/*
** Compile a list of the node fields and their default values that users
** and administrators are allowed to save when inserting a new node.
*/
if (user_access("administer nodes")) {
$fields = array("uid", "body", "comment" => 1, "promote", "moderate", "status" => 1, "teaser", "title", "type" => $node->type);
}
else {
$fields = array("uid" => $user->uid, "body", "comment" => 1, "teaser", "title", "type" => $node->type);
}
node_save($node, array_merge($fields, module_invoke($node->type, "save", "create", $node)));
if (user_access("administer nodes")) {
$fields = array("uid", "body", "comment" => 1, "promote", "moderate", "status" => 1, "teaser", "title", "type" => $node->type);
watchdog("special", "$node->type: added '$node->title'");
$output = t("Thanks for your submission.");
}
else {
$fields = array("uid" => $user->uid, "body", "comment" => 1, "teaser", "title", "type" => $node->type);
watchdog("warning", "$node->type: not authorized to create node");
$output = t("You are not authorized to create this node.");
}
node_save($node, array_merge($fields, module_invoke($node->type, "save", "create", $node)));
watchdog("special", "$node->type: added '$node->title'");
$output = t("Thanks for your submission.");
}
else {
watchdog("warning", "$node->type: not authorized to create node");
$output = t("You are not authorized to create this node.");
}
}
else {
$output = message_access();
}
return $output;
}
......
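Review bot: The rewritten link expression in node_search picks the admin edit URL from `strstr($PHP_SELF, "admin.php")` alone and no longer consults `user_access("administer nodes")`, so the choice rests on a request-derived path string rather than on the user's permission. A substring match on the script path says where the request arrived, not what the caller may do; keeping both conditions preserves the context sensitivity the commit wants, e.g. `(strstr($PHP_SELF, "admin.php") && user_access("administer nodes") ? ... : ...)`. Separately, the unchanged query above it interpolates `$keys` directly into three `LIKE '%$keys%'` clauses; whether the caller escapes it is not visible here, so that should be confirmed or the value escaped at this point. The closing brace of node_search lies outside the hunk.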
......@@ -49,11 +49,11 @@ function node_perm() {
}
function node_search($keys) {
global $user;
global $PHP_SELF;
$result = db_query("SELECT n.nid, n.title, n.created, u.uid, u.name FROM node n LEFT JOIN users u ON n.uid = u.uid WHERE n.status = 1 AND (n.title LIKE '%$keys%' OR n.teaser LIKE '%$keys%' OR n.body LIKE '%$keys%') ORDER BY n.created DESC LIMIT 20");
while ($node = db_fetch_object($result)) {
$find[$i++] = array("title" => check_output($node->title), "link" => (user_access("administer nodes") ? "admin.php?mod=node&type=node&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->name, "date" => $node->created);
$find[$i++] = array("title" => check_output($node->title), "link" => (strstr($PHP_SELF, "admin.php") ? "admin.php?mod=node&type=node&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->name, "date" => $node->created);
}
return $find;
......@@ -134,7 +134,7 @@ function node_link($type, $node = 0, $main = 0) {
$links[] = "<a href=\"admin.php?mod=node\">content management</a>";
}
if ($type == "page") {
if ($type == "page" && user_access("post content")) {
$links[] = "<a href=\"module.php?mod=node&op=add\">submit</a>";
}
......@@ -743,96 +743,102 @@ function node_preview($edit) {
function node_submit($node) {
global $user;
/*
** Verify a user's submission rate and avoid duplicate nodes being
** inserted:
*/
throttle("node", variable_get("max_node_rate", 900));
/*
** Fixup the node when required:
*/
if (user_access("post content")) {
$node = node_validate($node);
/*
** Verify a user's submission rate and avoid duplicate nodes being
** inserted:
*/
/*
** Apply the filters:
*/
throttle("node", variable_get("max_node_rate", 900));
$node->teaser = filter($node->teaser);
$node->title = filter($node->title);
$node->body = filter($node->body);
/*
** Fixup the node when required:
*/
/*
** Create a new revision when required:
*/
$node = node_validate($node);
$node = node_revision_create($node);
/*
** Apply the filters:
*/
if ($node->nid) {
$node->teaser = filter($node->teaser);
$node->title = filter($node->title);
$node->body = filter($node->body);
/*
** Check whether the current user has the proper access rights to
** perform this operation:
** Create a new revision when required:
*/
if (node_access("update", $node)) {
$node = node_revision_create($node);
if ($node->nid) {
/*
** Compile a list of the node fields and their default values that users
** and administrators are allowed to save when updating a node.
** Check whether the current user has the proper access rights to
** perform this operation:
*/
if (user_access("administer nodes")) {
$fields = array("nid", "uid", "body", "comment", "created", "promote", "moderate", "revisions", "status", "teaser", "title", "type" => $node->type);
if (node_access("update", $node)) {
/*
** Compile a list of the node fields and their default values that users
** and administrators are allowed to save when updating a node.
*/
if (user_access("administer nodes")) {
$fields = array("nid", "uid", "body", "comment", "created", "promote", "moderate", "revisions", "status", "teaser", "title", "type" => $node->type);
}
else {
$fields = array("nid", "uid" => $user->uid, "body", "teaser", "title", "type" => $node->type);
}
node_save($node, array_merge($fields, module_invoke($node->type, "save", "update", $node)));
watchdog("special", "$node->type: updated '$node->title'");
$output = t("The node has been updated.");
}
else {
$fields = array("nid", "uid" => $user->uid, "body", "teaser", "title", "type" => $node->type);
watchdog("warning", "$node->type: not authorized to update node");
$output = t("You are not authorized to update this node.");
}
node_save($node, array_merge($fields, module_invoke($node->type, "save", "update", $node)));
watchdog("special", "$node->type: updated '$node->title'");
$output = t("The node has been updated.");
}
else {
watchdog("warning", "$node->type: not authorized to update node");
$output = t("You are not authorized to update this node.");
}
}
else {
/*
** Check whether the current user has the proper access rights to
** perform this operation:
*/
/*
** Check whether the current user has the proper access rights to
** perform this operation:
*/
if (node_access("create", $node)) {
if (node_access("create", $node)) {
/*
** Compile a list of the node fields and their default values that users
** and administrators are allowed to save when inserting a new node.
*/
/*
** Compile a list of the node fields and their default values that users
** and administrators are allowed to save when inserting a new node.
*/
if (user_access("administer nodes")) {
$fields = array("uid", "body", "comment" => 1, "promote", "moderate", "status" => 1, "teaser", "title", "type" => $node->type);
}
else {
$fields = array("uid" => $user->uid, "body", "comment" => 1, "teaser", "title", "type" => $node->type);
}
node_save($node, array_merge($fields, module_invoke($node->type, "save", "create", $node)));
if (user_access("administer nodes")) {
$fields = array("uid", "body", "comment" => 1, "promote", "moderate", "status" => 1, "teaser", "title", "type" => $node->type);
watchdog("special", "$node->type: added '$node->title'");
$output = t("Thanks for your submission.");
}
else {
$fields = array("uid" => $user->uid, "body", "comment" => 1, "teaser", "title", "type" => $node->type);
watchdog("warning", "$node->type: not authorized to create node");
$output = t("You are not authorized to create this node.");
}
node_save($node, array_merge($fields, module_invoke($node->type, "save", "create", $node)));
watchdog("special", "$node->type: added '$node->title'");
$output = t("Thanks for your submission.");
}
else {
watchdog("warning", "$node->type: not authorized to create node");
$output = t("You are not authorized to create this node.");
}
}
else {
$output = message_access();
}
return $output;
}
......
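Review bot: The new `else` branch at the end of node_submit returns `message_access()` without a log entry, whereas the two node_access denials inside the guard each call `watchdog("warning", ...)`, so a rejected submission from a user lacking "post content" leaves no trace. Adding `watchdog("warning", "node: not authorized to post content");` before `$output = message_access();` would keep denied attempts auditable without writing unvalidated request fields to the log. The node_link hunk only hides the submit link, so this guard is the enforcing check, and a one-line comment saying so at `if (user_access("post content")) {` would help the next reader. Whether a user with "administer nodes" but without "post content" is meant to be blocked from updates here is not evident from the diff and is worth confirming.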