Commit 8d0546bc authored by Dries's avatar Dries

- Made the search result of node.module context sensitive: it will only
  link to the admin pages if you searched from within the admin pages.

- Added checks for "post content" permission (reported by Natrak).
parent 297a5b01
...@@ -49,11 +49,11 @@ function node_perm() { ...@@ -49,11 +49,11 @@ function node_perm() {
} }
function node_search($keys) { function node_search($keys) {
global $user; global $PHP_SELF;
$result = db_query("SELECT n.nid, n.title, n.created, u.uid, u.name FROM node n LEFT JOIN users u ON n.uid = u.uid WHERE n.status = 1 AND (n.title LIKE '%$keys%' OR n.teaser LIKE '%$keys%' OR n.body LIKE '%$keys%') ORDER BY n.created DESC LIMIT 20"); $result = db_query("SELECT n.nid, n.title, n.created, u.uid, u.name FROM node n LEFT JOIN users u ON n.uid = u.uid WHERE n.status = 1 AND (n.title LIKE '%$keys%' OR n.teaser LIKE '%$keys%' OR n.body LIKE '%$keys%') ORDER BY n.created DESC LIMIT 20");
while ($node = db_fetch_object($result)) { while ($node = db_fetch_object($result)) {
$find[$i++] = array("title" => check_output($node->title), "link" => (user_access("administer nodes") ? "admin.php?mod=node&type=node&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->name, "date" => $node->created); $find[$i++] = array("title" => check_output($node->title), "link" => (strstr($PHP_SELF, "admin.php") ? "admin.php?mod=node&type=node&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->name, "date" => $node->created);
} }
return $find; return $find;
...@@ -134,7 +134,7 @@ function node_link($type, $node = 0, $main = 0) { ...@@ -134,7 +134,7 @@ function node_link($type, $node = 0, $main = 0) {
$links[] = "<a href=\"admin.php?mod=node\">content management</a>"; $links[] = "<a href=\"admin.php?mod=node\">content management</a>";
} }
if ($type == "page") { if ($type == "page" && user_access("post content")) {
$links[] = "<a href=\"module.php?mod=node&op=add\">submit</a>"; $links[] = "<a href=\"module.php?mod=node&op=add\">submit</a>";
} }
...@@ -743,96 +743,102 @@ function node_preview($edit) { ...@@ -743,96 +743,102 @@ function node_preview($edit) {
function node_submit($node) { function node_submit($node) {
global $user; global $user;
/* if (user_access("post content")) {
** Verify a user's submission rate and avoid duplicate nodes being
** inserted:
*/
throttle("node", variable_get("max_node_rate", 900));
/*
** Fixup the node when required:
*/
$node = node_validate($node); /*
** Verify a user's submission rate and avoid duplicate nodes being
** inserted:
*/
/* throttle("node", variable_get("max_node_rate", 900));
** Apply the filters:
*/
$node->teaser = filter($node->teaser); /*
$node->title = filter($node->title); ** Fixup the node when required:
$node->body = filter($node->body); */
/* $node = node_validate($node);
** Create a new revision when required:
*/
$node = node_revision_create($node); /*
** Apply the filters:
*/
if ($node->nid) { $node->teaser = filter($node->teaser);
$node->title = filter($node->title);
$node->body = filter($node->body);
/* /*
** Check whether the current user has the proper access rights to ** Create a new revision when required:
** perform this operation:
*/ */
if (node_access("update", $node)) { $node = node_revision_create($node);
if ($node->nid) {
/* /*
** Compile a list of the node fields and their default values that users ** Check whether the current user has the proper access rights to
** and administrators are allowed to save when updating a node. ** perform this operation:
*/ */
if (user_access("administer nodes")) { if (node_access("update", $node)) {
$fields = array("nid", "uid", "body", "comment", "created", "promote", "moderate", "revisions", "status", "teaser", "title", "type" => $node->type);
/*
** Compile a list of the node fields and their default values that users
** and administrators are allowed to save when updating a node.
*/
if (user_access("administer nodes")) {
$fields = array("nid", "uid", "body", "comment", "created", "promote", "moderate", "revisions", "status", "teaser", "title", "type" => $node->type);
}
else {
$fields = array("nid", "uid" => $user->uid, "body", "teaser", "title", "type" => $node->type);
}
node_save($node, array_merge($fields, module_invoke($node->type, "save", "update", $node)));
watchdog("special", "$node->type: updated '$node->title'");
$output = t("The node has been updated.");
} }
else { else {
$fields = array("nid", "uid" => $user->uid, "body", "teaser", "title", "type" => $node->type); watchdog("warning", "$node->type: not authorized to update node");
$output = t("You are not authorized to update this node.");
} }
node_save($node, array_merge($fields, module_invoke($node->type, "save", "update", $node)));
watchdog("special", "$node->type: updated '$node->title'");
$output = t("The node has been updated.");
} }
else { else {
watchdog("warning", "$node->type: not authorized to update node");
$output = t("You are not authorized to update this node.");
}
} /*
else { ** Check whether the current user has the proper access rights to
** perform this operation:
*/
/* if (node_access("create", $node)) {
** Check whether the current user has the proper access rights to
** perform this operation:
*/
if (node_access("create", $node)) { /*
** Compile a list of the node fields and their default values that users
** and administrators are allowed to save when inserting a new node.
*/
/* if (user_access("administer nodes")) {
** Compile a list of the node fields and their default values that users $fields = array("uid", "body", "comment" => 1, "promote", "moderate", "status" => 1, "teaser", "title", "type" => $node->type);
** and administrators are allowed to save when inserting a new node. }
*/ else {
$fields = array("uid" => $user->uid, "body", "comment" => 1, "teaser", "title", "type" => $node->type);
}
node_save($node, array_merge($fields, module_invoke($node->type, "save", "create", $node)));
if (user_access("administer nodes")) { watchdog("special", "$node->type: added '$node->title'");
$fields = array("uid", "body", "comment" => 1, "promote", "moderate", "status" => 1, "teaser", "title", "type" => $node->type); $output = t("Thanks for your submission.");
} }
else { else {
$fields = array("uid" => $user->uid, "body", "comment" => 1, "teaser", "title", "type" => $node->type); watchdog("warning", "$node->type: not authorized to create node");
$output = t("You are not authorized to create this node.");
} }
node_save($node, array_merge($fields, module_invoke($node->type, "save", "create", $node)));
watchdog("special", "$node->type: added '$node->title'");
$output = t("Thanks for your submission.");
}
else {
watchdog("warning", "$node->type: not authorized to create node");
$output = t("You are not authorized to create this node.");
} }
} }
else {
$output = message_access();
}
return $output; return $output;
} }
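Review bot: In node_search (first hunk) the admin edit link is now chosen by `strstr($PHP_SELF, "admin.php")` alone, so the `user_access("administer nodes")` test from the old line is gone and the decision rests on a substring of the requested URL rather than on the user's rights. Keeping both conditions preserves the context sensitivity the commit wants without dropping the permission test: `strstr($PHP_SELF, "admin.php") && user_access("administer nodes")`. Whether admin.php itself turns away users without that permission before the search runs is not visible here, so this may only affect which link is displayed. Separately, the unchanged query in the same hunk interpolates `$keys` directly into three LIKE clauses; if the caller does not already escape it, that needs a follow-up change. node_search's closing brace lies outside the hunk.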
......
...@@ -49,11 +49,11 @@ function node_perm() { ...@@ -49,11 +49,11 @@ function node_perm() {
} }
function node_search($keys) { function node_search($keys) {
global $user; global $PHP_SELF;
$result = db_query("SELECT n.nid, n.title, n.created, u.uid, u.name FROM node n LEFT JOIN users u ON n.uid = u.uid WHERE n.status = 1 AND (n.title LIKE '%$keys%' OR n.teaser LIKE '%$keys%' OR n.body LIKE '%$keys%') ORDER BY n.created DESC LIMIT 20"); $result = db_query("SELECT n.nid, n.title, n.created, u.uid, u.name FROM node n LEFT JOIN users u ON n.uid = u.uid WHERE n.status = 1 AND (n.title LIKE '%$keys%' OR n.teaser LIKE '%$keys%' OR n.body LIKE '%$keys%') ORDER BY n.created DESC LIMIT 20");
while ($node = db_fetch_object($result)) { while ($node = db_fetch_object($result)) {
$find[$i++] = array("title" => check_output($node->title), "link" => (user_access("administer nodes") ? "admin.php?mod=node&type=node&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->name, "date" => $node->created); $find[$i++] = array("title" => check_output($node->title), "link" => (strstr($PHP_SELF, "admin.php") ? "admin.php?mod=node&type=node&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->name, "date" => $node->created);
} }
return $find; return $find;
...@@ -134,7 +134,7 @@ function node_link($type, $node = 0, $main = 0) { ...@@ -134,7 +134,7 @@ function node_link($type, $node = 0, $main = 0) {
$links[] = "<a href=\"admin.php?mod=node\">content management</a>"; $links[] = "<a href=\"admin.php?mod=node\">content management</a>";
} }
if ($type == "page") { if ($type == "page" && user_access("post content")) {
$links[] = "<a href=\"module.php?mod=node&op=add\">submit</a>"; $links[] = "<a href=\"module.php?mod=node&op=add\">submit</a>";
} }
...@@ -743,96 +743,102 @@ function node_preview($edit) { ...@@ -743,96 +743,102 @@ function node_preview($edit) {
function node_submit($node) { function node_submit($node) {
global $user; global $user;
/* if (user_access("post content")) {
** Verify a user's submission rate and avoid duplicate nodes being
** inserted:
*/
throttle("node", variable_get("max_node_rate", 900));
/*
** Fixup the node when required:
*/
$node = node_validate($node); /*
** Verify a user's submission rate and avoid duplicate nodes being
** inserted:
*/
/* throttle("node", variable_get("max_node_rate", 900));
** Apply the filters:
*/
$node->teaser = filter($node->teaser); /*
$node->title = filter($node->title); ** Fixup the node when required:
$node->body = filter($node->body); */
/* $node = node_validate($node);
** Create a new revision when required:
*/
$node = node_revision_create($node); /*
** Apply the filters:
*/
if ($node->nid) { $node->teaser = filter($node->teaser);
$node->title = filter($node->title);
$node->body = filter($node->body);
/* /*
** Check whether the current user has the proper access rights to ** Create a new revision when required:
** perform this operation:
*/ */
if (node_access("update", $node)) { $node = node_revision_create($node);
if ($node->nid) {
/* /*
** Compile a list of the node fields and their default values that users ** Check whether the current user has the proper access rights to
** and administrators are allowed to save when updating a node. ** perform this operation:
*/ */
if (user_access("administer nodes")) { if (node_access("update", $node)) {
$fields = array("nid", "uid", "body", "comment", "created", "promote", "moderate", "revisions", "status", "teaser", "title", "type" => $node->type);
/*
** Compile a list of the node fields and their default values that users
** and administrators are allowed to save when updating a node.
*/
if (user_access("administer nodes")) {
$fields = array("nid", "uid", "body", "comment", "created", "promote", "moderate", "revisions", "status", "teaser", "title", "type" => $node->type);
}
else {
$fields = array("nid", "uid" => $user->uid, "body", "teaser", "title", "type" => $node->type);
}
node_save($node, array_merge($fields, module_invoke($node->type, "save", "update", $node)));
watchdog("special", "$node->type: updated '$node->title'");
$output = t("The node has been updated.");
} }
else { else {
$fields = array("nid", "uid" => $user->uid, "body", "teaser", "title", "type" => $node->type); watchdog("warning", "$node->type: not authorized to update node");
$output = t("You are not authorized to update this node.");
} }
node_save($node, array_merge($fields, module_invoke($node->type, "save", "update", $node)));
watchdog("special", "$node->type: updated '$node->title'");
$output = t("The node has been updated.");
} }
else { else {
watchdog("warning", "$node->type: not authorized to update node");
$output = t("You are not authorized to update this node.");
}
} /*
else { ** Check whether the current user has the proper access rights to
** perform this operation:
*/
/* if (node_access("create", $node)) {
** Check whether the current user has the proper access rights to
** perform this operation:
*/
if (node_access("create", $node)) { /*
** Compile a list of the node fields and their default values that users
** and administrators are allowed to save when inserting a new node.
*/
/* if (user_access("administer nodes")) {
** Compile a list of the node fields and their default values that users $fields = array("uid", "body", "comment" => 1, "promote", "moderate", "status" => 1, "teaser", "title", "type" => $node->type);
** and administrators are allowed to save when inserting a new node. }
*/ else {
$fields = array("uid" => $user->uid, "body", "comment" => 1, "teaser", "title", "type" => $node->type);
}
node_save($node, array_merge($fields, module_invoke($node->type, "save", "create", $node)));
if (user_access("administer nodes")) { watchdog("special", "$node->type: added '$node->title'");
$fields = array("uid", "body", "comment" => 1, "promote", "moderate", "status" => 1, "teaser", "title", "type" => $node->type); $output = t("Thanks for your submission.");
} }
else { else {
$fields = array("uid" => $user->uid, "body", "comment" => 1, "teaser", "title", "type" => $node->type); watchdog("warning", "$node->type: not authorized to create node");
$output = t("You are not authorized to create this node.");
} }
node_save($node, array_merge($fields, module_invoke($node->type, "save", "create", $node)));
watchdog("special", "$node->type: added '$node->title'");
$output = t("Thanks for your submission.");
}
else {
watchdog("warning", "$node->type: not authorized to create node");
$output = t("You are not authorized to create this node.");
} }
} }
else {
$output = message_access();
}
return $output; return $output;
} }
......