sécurité des modules de page

Deltacms 2023-09-11 11:50:11 +02:00
parent b0e8cfbb9e
commit 4272e85902
9 changed files with 2421 additions and 2043 deletions


@ -126,6 +126,15 @@ class agenda extends common {
* Configuration Paramètrage
*/
public function config() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < agenda::$actions['config'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
include('./module/agenda/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_agenda.php');
// Mise à jour des données de module
@ -317,6 +326,7 @@ class agenda extends common {
]);
}
}
}
/**
* Liaison entre edition et suppression d'un évènement
@ -332,6 +342,17 @@ class agenda extends common {
* Suppression d'un évènement
*/
public function delete($lid, $sauve, $json) {
// Autorisation si groupe autorisé à modifier l'evt $lid
$group = $this->getUser('group');
if ($group === false ) $group = 0;
$json = file_get_contents(self::DATAMODULE.'data/'.$this->getUrl(0).'/events.json');
$tableau = json_decode($json, true);
if( $group < $tableau[$lid]['groupe_mod'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
include('./module/agenda/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_agenda.php');
$json_initial = $json;
@ -390,7 +411,7 @@ class agenda extends common {
else{
return $json;
}
}
}
@ -398,6 +419,15 @@ class agenda extends common {
* Suppression de tous les évènements
*/
public function deleteall() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < agenda::$actions['deleteall'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
include('./module/agenda/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_agenda.php');
//Sauvegarde dans data de l'agenda actuel bien qu'il soit déjà sauvegardé dans data_sauve
@ -414,13 +444,22 @@ class agenda extends common {
'redirect' => helper::baseUrl() . $this->getUrl(0),
'state' => true
]);
}
}
/*
* Gestion des catégories
*/
public function categories(){
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < agenda::$actions['categories'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
include('./module/agenda/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_agenda.php');
// Soumission du formulaire
@ -489,11 +528,21 @@ class agenda extends common {
'view' => 'categorie'
]);
}
}
/*
* Suppression d'une catégorie
*/
public function categorieDelete(){
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < agenda::$actions['categorieDelete'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
include('./module/agenda/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_agenda.php');
$json = file_get_contents(self::DATAMODULE.'categories/categories.json');
@ -515,6 +564,7 @@ class agenda extends common {
'state' => true
]);
}
}
/**
* Création
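Review bot: In delete() the guard `if( $group < $tableau[$lid]['groupe_mod'] )` fails open: when `$lid` is not a key of the decoded events.json, or the file cannot be read so json_decode() yields null, the right-hand side is null and `$group < null` is false for every group, so the else branch runs and the deletion goes ahead. Deny unless the event and its group are actually present, e.g. `if (!is_array($tableau) || !isset($tableau[$lid]['groupe_mod']) || $group < (int) $tableau[$lid]['groupe_mod']) {`. The same shape affects every `$group < <module>::$actions['<name>']` check this commit adds in agenda, blog, form, gallery, news, redirection, search, slider and statislite: a method whose key is missing from `$actions` compares against null and is granted, so default the lookup to a value no group reaches, e.g. `self::$actions['config'] ?? PHP_INT_MAX`, or have `common` reject unknown actions. Note also that the `$json` parameter of delete($lid, $sauve, $json) is overwritten by the file_get_contents() call before it is ever read, which looks unintended; the rest of delete()'s body is outside this hunk.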


@ -198,6 +198,15 @@ class blog extends common {
* Configuration des textes visibles par l'utiliateur
*/
public function texts() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < blog::$actions['texts'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
$param = 'blog';
include('./module/blog/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_blog.php');
@ -237,10 +246,20 @@ class blog extends common {
'view' => 'texts',
]);
}
}
/**
* Édition
*/
public function add() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < blog::$actions['add'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
$param = 'blog';
include('./module/blog/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_blog.php');
@ -305,11 +324,21 @@ class blog extends common {
'view' => 'add'
]);
}
}
/**
* Liste des commentaires
*/
public function comment() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < blog::$actions['comment'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
$param = 'blog';
include('./module/blog/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_blog.php');
@ -368,11 +397,21 @@ class blog extends common {
'view' => 'comment'
]);
}
}
/**
* Suppression de commentaire
*/
public function commentDelete() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < blog::$actions['commentDelete'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
$param = 'blog';
include('./module/blog/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_blog.php');
@ -403,11 +442,21 @@ class blog extends common {
]);
}
}
}
/**
* Suppression de tous les commentaires de l'article $this->getUrl(2)
*/
public function commentDeleteAll() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < blog::$actions['commentDeleteAll'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
$param = 'blog';
include('./module/blog/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_blog.php');
@ -431,11 +480,21 @@ class blog extends common {
]);
}
}
}
/**
* Approbation oou désapprobation de commentaire
*/
public function commentApprove() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < blog::$actions['commentApprove'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
$param = 'blog';
include('./module/blog/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_blog.php');
@ -474,11 +533,21 @@ class blog extends common {
]);
}
}
}
/**
* Configuration
*/
public function config() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < blog::$actions['config'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
$param = 'blog';
include('./module/blog/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_blog.php');
@ -583,11 +652,21 @@ class blog extends common {
]);
}
}
}
/**
* Suppression
*/
public function delete() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < blog::$actions['delete'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
$param = 'blog';
include('./module/blog/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_blog.php');
@ -617,11 +696,21 @@ class blog extends common {
]);
}
}
}
/**
* Édition
*/
public function edit() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < blog::$actions['edit'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
$param = 'blog';
include('./module/blog/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_blog.php');
@ -713,6 +802,7 @@ class blog extends common {
]);
}
}
}
/**
* Accueil (deux affichages en un pour éviter une url à rallonge)
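Review bot: The nine-line authorisation preamble is pasted verbatim into texts(), add(), comment(), commentDelete(), commentDeleteAll(), commentApprove(), config(), delete() and edit(), and each one wraps the whole original body in an `else` block, which is why every hunk here ends with an extra closing brace and the method bodies gain a level of indentation. A guard that returns early keeps the bodies where they were: `if ($group < self::$actions['texts']) { $this->addOutput(['access' => false]); return; }` — this is equivalent as long as nothing follows the else block, which the hunks suggest but do not fully show. Better still, a single helper in `common` (something like `$this->isAllowed(__FUNCTION__)`) would let the nine modules share one implementation of the false-to-0 normalisation and the comparison instead of nine copies. Using `self::$actions` rather than `blog::$actions` also avoids hard-coding the class name in every method.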


@ -31,8 +31,7 @@ class form extends common {
'delete' => self::GROUP_MODERATOR,
'deleteall' => self::GROUP_MODERATOR,
'index' => self::GROUP_VISITOR,
'export2csv' => self::GROUP_MODERATOR,
'output2csv' => self::GROUP_MODERATOR
'export2csv' => self::GROUP_MODERATOR
];
public static $data = [];
@ -95,6 +94,15 @@ class form extends common {
* Configuration
*/
public function config() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < form::$actions['config'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
$param = '';
include('./module/form/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_form.php');
@ -173,11 +181,21 @@ class form extends common {
'view' => 'config'
]);
}
}
/**
* Données enregistrées
*/
public function data() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < form::$actions['data'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
$param = '';
include('./module/form/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_form.php');
@ -212,11 +230,21 @@ class form extends common {
'view' => 'data'
]);
}
}
/**
* Export CSV
*/
public function export2csv() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < form::$actions['export2csv'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
$param = '';
include('./module/form/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_form.php');
@ -254,12 +282,22 @@ class form extends common {
}
}
}
}
/**
* Suppression
*/
public function deleteall() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < form::$actions['deleteall'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
$param = '';
include('./module/form/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_form.php');
@ -292,12 +330,22 @@ class form extends common {
}
}
}
}
/**
* Suppression
*/
public function delete() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < form::$actions['delete'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
$param = '';
include('./module/form/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_form.php');
@ -328,6 +376,7 @@ class form extends common {
}
}
}
}
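Review bot: The `$actions` table drops the `'output2csv'` entry, but the hunk does not show whether a method of that name is removed as well; if `output2csv()` still exists and guards itself with `form::$actions['output2csv']`, it now reads an undefined key, evaluates `$group < null` as false and lets every group through. A grep for `output2csv` across the module before merge would settle it. Keeping a trailing comma after the last entry (`'export2csv' => self::GROUP_MODERATOR,`) also avoids touching an unrelated line the next time an action is added.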


@ -175,6 +175,15 @@ class gallery extends common {
*
*/
public function sortGalleries() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < gallery::$actions['sortGalleries'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
if($_POST['response']) {
$data = explode('&',$_POST['response']);
$data = str_replace('galleryTable%5B%5D=','',$data);
@ -195,12 +204,22 @@ class gallery extends common {
}
}
}
}
/**
* Tri de la liste des images
*
*/
public function sortPictures() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < gallery::$actions['sortPictures'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
if($_POST['response']) {
$galleryName = $_POST['gallery'];
$data = explode('&',$_POST['response']);
@ -221,12 +240,22 @@ class gallery extends common {
]]);
}
}
}
/**
* Configuration
*/
public function config() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < gallery::$actions['config'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
$param = '';
include('./module/gallery/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_gallery.php');
@ -324,11 +353,21 @@ class gallery extends common {
]
]);
}
}
/**
* Suppression
*/
public function delete() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < gallery::$actions['delete'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
$param = '';
include('./module/gallery/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_gallery.php');
@ -360,11 +399,21 @@ class gallery extends common {
]);
}
}
}
/**
* Liste des dossiers
*/
public function dirs() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < gallery::$actions['dirs'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Valeurs en sortie
$filter = ['jpg', 'jpeg', 'png', 'gif', 'tiff', 'ico', 'webp'];
$this->addOutput([
@ -372,11 +421,21 @@ class gallery extends common {
'content' => helper::scanDir(self::FILE_DIR.'source', $filter)
]);
}
}
/**
* Édition
*/
public function edit() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < gallery::$actions['edit'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
$param = '';
include('./module/gallery/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_gallery.php');
@ -518,6 +577,7 @@ class gallery extends common {
]);
}
}
}
/**
* Accueil (deux affichages en un pour éviter une url à rallonge)
@ -657,6 +717,15 @@ class gallery extends common {
* Thème de la galerie
*/
public function theme() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < gallery::$actions['theme'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
$param = '';
include('./module/gallery/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_gallery.php');
@ -727,6 +796,7 @@ class gallery extends common {
]
]);
}
}
}
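Review bot: In sortGalleries() and sortPictures() the line `if($_POST['response']) {` reads the key without checking it exists, so a request without that field raises an undefined-index warning before the truthiness test; `if (!empty($_POST['response'])) {` keeps the same outcome without the warning. The hand-rolled `explode('&', ...)` plus `str_replace('galleryTable%5B%5D=', '', ...)` parses a URL-encoded body that `parse_str($_POST['response'], $parsed)` would decode into `$parsed['galleryTable']` directly. In sortPictures() `$galleryName = $_POST['gallery']` is taken as-is; its use is outside the hunk, so please confirm it is checked against the list of existing galleries before it reaches any path or data lookup. The new group check restricts who can call these handlers, but it is not a substitute for that validation.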


@ -108,6 +108,15 @@ class news extends common {
* Ajout d'un article
*/
public function add() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < news::$actions['add'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
include('./module/news/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_news.php');
// Soumission du formulaire
@ -148,11 +157,21 @@ class news extends common {
'view' => 'add'
]);
}
}
/**
* Configuration
*/
public function config() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < news::$actions['config'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
include('./module/news/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_news.php');
// Mise à jour des données de module
@ -282,11 +301,21 @@ class news extends common {
]);
}
}
}
/**
* Suppression
*/
public function delete() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < news::$actions['delete'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
include('./module/news/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_news.php');
// La news n'existe pas
@ -315,11 +344,21 @@ class news extends common {
]);
}
}
}
/**
* Édition
*/
public function edit() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < news::$actions['edit'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
include('./module/news/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_news.php');
// Jeton incorrect
@ -384,6 +423,7 @@ class news extends common {
]);
}
}
}
/**
* Accueil


@ -34,6 +34,15 @@ class redirection extends common {
* Configuration
*/
public function config() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < redirection::$actions['config'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
include('./module/redirection/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_redirection.php');
@ -53,6 +62,7 @@ class redirection extends common {
'view' => 'config'
]);
}
}
/**
* Accueil


@ -142,6 +142,15 @@ class search extends common {
// Configuration vide
public function config() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < search::$actions['config'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
include('./module/search/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_search.php');
@ -190,6 +199,7 @@ class search extends common {
]
]);
}
}
public function index() {


@ -119,6 +119,15 @@ class slider extends common {
* Configuration
*/
public function config() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < slider::$actions['config'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
include('./module/slider/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_slider.php');
// Liste des dossiers dans site/file/source triés et non vides
@ -245,6 +254,7 @@ class slider extends common {
'view' => 'config'
]);
}
}
/**
* Vue publique du slider


@ -32,7 +32,7 @@ class statislite extends common {
'conversionTime' => self::GROUP_VISITOR
];
const VERSION = '4.8';
const VERSION = '4.9';
const REALNAME = 'Statislite';
const DELETE = true;
const UPDATE = '2.6';
@ -97,9 +97,9 @@ class statislite extends common {
copy('./module/statislite/ressource/download_counter/download_counter.php', self::DATAMODULE.'/download_counter/download_counter.php');
$this->setData(['module', $this->getUrl(0), 'config', 'versionData','4.7']);
}
// Version 4.8
if (version_compare($this->getData(['module', $this->getUrl(0), 'config', 'versionData']), '4.8', '<') ) {
$this->setData(['module', $this->getUrl(0), 'config', 'versionData','4.8']);
// Version 4.9
if (version_compare($this->getData(['module', $this->getUrl(0), 'config', 'versionData']), '4.9', '<') ) {
$this->setData(['module', $this->getUrl(0), 'config', 'versionData','4.9']);
}
}
@ -107,6 +107,15 @@ class statislite extends common {
* Configuration
*/
public function config() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < statislite::$actions['config'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
include('./module/statislite/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_statislite.php');
@ -231,11 +240,21 @@ class statislite extends common {
]);
}
}
}
/**
* Configuration avancée
*/
public function advanced() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < statislite::$actions['advanced'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
include('./module/statislite/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_statislite.php');
@ -388,12 +407,22 @@ class statislite extends common {
'view' => 'advanced'
]);
}
}
/**
* Fonction initJson()
*/
public function initJson() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < statislite::$actions['initJson'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
include('./module/statislite/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_statislite.php');
@ -423,12 +452,22 @@ class statislite extends common {
}
}
}
/**
* Fonction sauveJson()
*/
public function sauveJson() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < statislite::$actions['sauveJson'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
include('./module/statislite/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_statislite.php');
@ -440,13 +479,22 @@ class statislite extends common {
'notification' => $text['statislite']['sauveJson'][0],
'state' => true
]);
}
}
/**
* Fonction initDownload()
*/
public function initDownload() {
// Autorisation
$group = $this->getUser('group');
if ($group === false ) $group = 0;
if( $group < statislite::$actions['initDownload'] ) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Lexique
include('./module/statislite/lang/'. $this->getData(['config', 'i18n', 'langAdmin']) . '/lex_statislite.php');
@ -466,7 +514,7 @@ class statislite extends common {
'notification' => $text['statislite']['initDownload'][1],
'state' => true
]);
}
}
}
@ -484,6 +532,7 @@ class statislite extends common {
$this->custom_copy('./module/statislite/ressource', self::DATAMODULE);
if( !is_dir( self::DATAMODULE.'/json' )) mkdir( self::DATAMODULE.'/json', 0755);
if( !is_dir( self::DATAMODULE.'/json_sauve' ))mkdir( self::DATAMODULE.'/json_sauve', 0755);
if( !is_dir( self::DATAMODULE.'/tmp' ))mkdir( self::DATAMODULE.'/tmp', 0755);
$this->setData(['module', $this->getUrl(0), 'config',[
'timeVisiteMini' => '30',