ZwiiCMS-Team/ZwiiCMS
ZwiiCMS-Team
/
ZwiiCMS
3
3
Fork 2
Code Releases 144 Activity

Implémentation des sécurités à tester

This commit is contained in:
Fred Tempez 2023-06-29 10:30:12 +02:00
parent b7d1f9e1f1
commit 101da263fd
11 changed files with 727 additions and 667 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
core/module/config/config.php
View File

@ -211,7 +211,15 @@ class config extends common
*/
public function siteMap()
{
// La page n'existe pas
if (
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true
) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Mettre à jour le site map
$successSitemap = $this->updateSitemap();
@ -223,6 +231,8 @@ class config extends common
]);
}
}
/**
* Sauvegarde des données
@ -494,7 +504,8 @@ class config extends common
unlink($filename);
}
}
if (file_exists('site/data/.backup')) unlink('site/data/.backup');
if (file_exists('site/data/.backup'))
unlink('site/data/.backup');
} else {
touch('site/data/.backup');
}

10
core/module/install/install.php
View File

@ -416,6 +416,15 @@ class install extends common
*/
public function update()
{
// Action interdite
if (
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true
) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Nouvelle version
self::$newVersion = helper::getUrlContents(common::ZWII_UPDATE_URL . common::ZWII_UPDATE_CHANNEL . '/version');
// Valeurs en sortie
@ -425,5 +434,6 @@ class install extends common
'view' => 'update'
]);
}
}
}

20
core/module/page/page.php
View File

@ -182,18 +182,14 @@ class page extends common
// $url prend l'adresse sans le token
$page = $this->getUrl(2);
// La page n'existe pas
if ($this->getData(['page', $page]) === null) {
if (
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true ||
$this->getData(['page', $page]) === null
) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} // Action interdite
elseif ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . 'page/edit/' . $page,
'notification' => helper::translate('Jeton invalide')
]);
}
// Impossible de supprimer la page d'accueil
elseif ($page === $this->getData(['locale', 'homePageId'])) {
@ -288,7 +284,10 @@ class page extends common
public function edit()
{
// La page n'existe pas
if ($this->getData(['page', $this->getUrl(2)]) === null) {
if (
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true ||
$this->getData(['page', $this->getUrl(2)]) === null
) {
// Valeurs en sortie
$this->addOutput([
'access' => false
@ -602,7 +601,8 @@ class page extends common
* Retourne les informations sur les pages en omettant les clés CSS et JS qui occasionnent des bugs d'affichage dans l'éditeur de page
* @return array tableau associatif des pages dans le menu
*/
public function getPageInfo() {
public function getPageInfo()
{
$p = $this->getData(['page']);
$d = array_map(function ($d) {
unset($d["css"], $d["js"]);

42
core/module/plugin/plugin.php
View File

@ -63,12 +63,10 @@ class plugin extends common
{
// Action interdite
if ($this->checkCSRF()) {
if ($this->getUser('permission', __CLASS__, __FUNCTION__) !== true) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . 'plugin',
'state' => false,
'notification' => helper::translate('Action interdite')
'access' => false
]);
} else {
// Suppression des dossiers
@ -243,13 +241,14 @@ class plugin extends common
: helper::translate('Erreur inconnue, le module n\'est pas installé')
]);
} else {
// Supprimer le dossier temporaire
$this->removeDir(self::TEMP_DIR . $tempFolder);
$zip->close();
return ([
'success' => false,
'notification' => helper::translate('Erreur inconnue, le module n\'est pas installé')
]);
// Supprimer le dossier temporaire
$this->removeDir(self::TEMP_DIR . $tempFolder);
$zip->close();
}
} else {
// Message de retour
@ -266,6 +265,7 @@ class plugin extends common
public function upload()
{
// Soumission du formulaire
if ($this->isPost()) {
// Installation d'un module
$checkValidMaj = $this->getInput('configModulesCheck', helper::FILTER_BOOLEAN);
@ -292,12 +292,10 @@ class plugin extends common
public function uploadItem()
{
// Action interdite
if ($this->checkCSRF()) {
if ($this->getUser('permission', __CLASS__, __FUNCTION__) !== true) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . 'store',
'state' => false,
'notification' => helper::translate('Action interdite')
'access' => false
]);
} else {
// Récupérer le module en ligne
@ -572,15 +570,12 @@ class plugin extends common
public function save()
{
// Action interdite
if ($this->checkCSRF()) {
if ($this->getUser('permission', __CLASS__, __FUNCTION__) !== true) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . 'plugin',
'state' => false,
'notification' => helper::translate('Action interdite')
'access' => false
]);
} else {
// Créer un dossier temporaire
$tmpFolder = self::TEMP_DIR . uniqid();
if (!is_dir($tmpFolder)) {
@ -646,12 +641,10 @@ class plugin extends common
public function dataDelete()
{
// Action interdite
if ($this->checkCSRF()) {
if ($this->getUser('permission', __CLASS__, __FUNCTION__) !== true) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . 'plugin',
'state' => false,
'notification' => helper::translate('Action interdite')
'access' => false
]);
} else {
$this->setData(['page', $this->getUrl(4), 'moduleId', '']);
@ -672,20 +665,16 @@ class plugin extends common
* 2 : i18n id
* 3 : moduleId
* 4 : pageId
* 5 : CSRF
*/
public function dataExport()
{
// Action interdite
if ($this->checkCSRF()) {
if ($this->getUser('permission', __CLASS__, __FUNCTION__) !== true) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . 'plugin',
'state' => false,
'notification' => helper::translate('Action interdite')
'access' => false
]);
} else {
// Créer un dossier temporaire
$tmpFolder = self::TEMP_DIR . uniqid();
if (!is_dir($tmpFolder)) {
@ -769,7 +758,6 @@ class plugin extends common
*/
public function dataImport()
{
// Soumission du formulaire d'importation du module dans une page libre
if ($this->isPost()) {
// Récupérer le fichier et le décompacter

131
core/module/theme/theme.php
View File

@ -105,7 +105,8 @@ class theme extends common
'2.4vmax' => '240%'
];
public static $headerHeights = [
'unset' => 'Libre', // texte dynamique cf header.js.php
'unset' => 'Libre',
// texte dynamique cf header.js.php
'100px' => '100px',
'150px' => '150px',
'200px' => '200px',
@ -249,7 +250,9 @@ class theme extends common
{
// Soumission du formulaire
if ($this->isPost()) {
$this->setData(['admin', [
$this->setData([
'admin',
[
'backgroundColor' => $this->getInput('adminBackgroundColor'),
'colorTitle' => $this->getInput('adminColorTitle'),
'colorText' => $this->getInput('adminColorText'),
@ -263,7 +266,8 @@ class theme extends common
'fontTitle' => $this->getInput('adminFontTitle'),
'backgroundBlockColor' => $this->getInput('adminBackGroundBlockColor'),
'borderBlockColor' => $this->getInput('adminBorderBlockColor'),
]]);
]
]);
// Valeurs en sortie
$this->addOutput([
'notification' => helper::translate('Modifications enregistrées'),
@ -318,7 +322,10 @@ class theme extends common
{
// Soumission du formulaire
if ($this->isPost()) {
$this->setData(['theme', 'body', [
$this->setData([
'theme',
'body',
[
'backgroundColor' => $this->getInput('themeBodyBackgroundColor'),
'image' => $this->getInput('themeBodyImage'),
'imageAttachment' => $this->getInput('themeBodyImageAttachment'),
@ -327,7 +334,8 @@ class theme extends common
'imageSize' => $this->getInput('themeBodyImageSize'),
'toTopbackgroundColor' => $this->getInput('themeBodyToTopBackground'),
'toTopColor' => $this->getInput('themeBodyToTopColor')
]]);
]
]);
// Valeurs en sortie
$this->addOutput([
'notification' => helper::translate('Modifications enregistrées'),
@ -364,7 +372,10 @@ class theme extends common
'state' => false
]);
} else {
$this->setData(['theme', 'footer', [
$this->setData([
'theme',
'footer',
[
'backgroundColor' => $this->getInput('themeFooterBackgroundColor'),
'copyrightAlign' => $this->getInput('themeFooterCopyrightAlign'),
'height' => $this->getInput('themeFooterHeight'),
@ -391,7 +402,8 @@ class theme extends common
'displaySearch' => $this->getInput('themeFooterDisplaySearch', helper::FILTER_BOOLEAN),
'memberBar' => $this->getInput('themeFooterMemberBar', helper::FILTER_BOOLEAN),
'template' => $this->getInput('themeFooterTemplate')
]]);
]
]);
// Sauvegarder la configuration localisée
$this->setData(['locale', 'legalPageId', $this->getInput('configLegalPageId')]);
@ -453,7 +465,10 @@ class theme extends common
}
// Sauvegarder
$this->setData(['theme', 'header', [
$this->setData([
'theme',
'header',
[
'backgroundColor' => $this->getInput('themeHeaderBackgroundColor'),
'font' => $this->getInput('themeHeaderFont'),
'fontSize' => $this->getInput('themeHeaderFontSize'),
@ -475,7 +490,8 @@ class theme extends common
'feature' => $this->getInput('themeHeaderFeature'),
'featureContent' => $featureContent,
'featureFiles' => $files
]]);
]
]);
// Modification de la position du menu selon la position de la bannière
if ($this->getData(['theme', 'header', 'position']) == 'site') {
$this->setData(['theme', 'menu', 'position', str_replace('body-', 'site-', $this->getData(['theme', 'menu', 'position']))]);
@ -535,7 +551,10 @@ class theme extends common
{
// Soumission du formulaire
if ($this->isPost()) {
$this->setData(['theme', 'menu', [
$this->setData([
'theme',
'menu',
[
'backgroundColor' => $this->getInput('themeMenuBackgroundColor'),
'backgroundColorSub' => $this->getInput('themeMenuBackgroundColorSub'),
'font' => $this->getInput('themeMenuFont'),
@ -558,7 +577,8 @@ class theme extends common
'memberBar' => $this->getInput('themeMenuMemberBar', helper::FILTER_BOOLEAN),
'burgerLogo' => $this->getInput('themeMenuBurgerLogo'),
'burgerContent' => $this->getInput('themeMenuBurgerContent')
]]);
]
]);
// Valeurs en sortie
$this->addOutput([
'notification' => helper::translate('Modifications enregistrées'),
@ -676,7 +696,8 @@ class theme extends common
$this->setData([
'font',
$type,
$fontId, [
$fontId,
[
'name' => $fontName,
'font-family' => $fontFamilyName,
'resource' => $ressource
@ -741,7 +762,8 @@ class theme extends common
$this->setData([
'font',
$type,
$fontId, [
$fontId,
[
'name' => $fontName,
'font-family' => $fontFamilyName,
'resource' => $ressource
@ -775,11 +797,14 @@ class theme extends common
public function fontDelete()
{
// Action interdite
if ($this->checkCSRF()) {
if (
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true ||
$this->checkCSRF()
) {
// Valeurs en sortie
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . 'theme/fonts',
'notification' => helper::translate('Action interdite')
'access' => false
]);
}
// Suppression
@ -811,6 +836,15 @@ class theme extends common
*/
public function reset()
{
// Action interdite
if (
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true
) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Réinitialisation
$redirect = '';
switch ($this->getUrl(2)) {
@ -836,7 +870,7 @@ class theme extends common
'redirect' => $redirect,
'state' => true
]);
}
}
@ -847,32 +881,52 @@ class theme extends common
{
// Soumission du formulaire
if ($this->isPost()) {
$this->setData(['theme', 'title', [
$this->setData([
'theme',
'title',
[
'font' => $this->getInput('themeTitleFont'),
'textColor' => $this->getInput('themeTitleTextColor'),
'fontWeight' => $this->getInput('themeTitleFontWeight'),
'textTransform' => $this->getInput('themeTitleTextTransform')
]]);
$this->setData(['theme', 'text', [
]
]);
$this->setData([
'theme',
'text',
[
'font' => $this->getInput('themeTextFont'),
'fontSize' => $this->getInput('themeTextFontSize'),
'textColor' => $this->getInput('themeTextTextColor'),
'linkColor' => $this->getInput('themeTextLinkColor')
]]);
$this->setData(['theme', 'site', [
]
]);
$this->setData([
'theme',
'site',
[
'backgroundColor' => $this->getInput('themeSiteBackgroundColor'),
'radius' => $this->getInput('themeSiteRadius'),
'shadow' => $this->getInput('themeSiteShadow'),
'width' => $this->getInput('themeSiteWidth'),
'margin' => $this->getInput('themeSiteMargin', helper::FILTER_BOOLEAN)
]]);
$this->setData(['theme', 'button', [
]
]);
$this->setData([
'theme',
'button',
[
'backgroundColor' => $this->getInput('themeButtonBackgroundColor')
]]);
$this->setData(['theme', 'block', [
]
]);
$this->setData([
'theme',
'block',
[
'backgroundColor' => $this->getInput('themeBlockBackgroundColor'),
'borderColor' => $this->getInput('themeBlockBorderColor')
]]);
]
]);
// Valeurs en sortie
$this->addOutput([
'notification' => helper::translate('Modifications enregistrées'),
@ -913,7 +967,8 @@ class theme extends common
'notification' => $data['notification'],
'state' => $data['success'],
'view' => 'manage'
]);;
]);
;
}
}
// Valeurs en sortie
@ -1015,6 +1070,15 @@ class theme extends common
*/
public function export()
{
// Action interdite
if (
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true
) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Make zip
$zipFilename = $this->zipTheme($this->getUrl(2));
// Téléchargement du ZIP
@ -1028,12 +1092,22 @@ class theme extends common
unlink(self::TEMP_DIR . $zipFilename);
exit();
}
}
/**
* Export du thème
*/
public function save()
{
// Action interdite
if (
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true
) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
// Make zip
$zipFilename = $this->zipTheme($this->getUrl(2));
// Téléchargement du ZIP
@ -1050,6 +1124,7 @@ class theme extends common
'state' => true
]);
}
}
/**
* construction du zip Fonction appelée par export() et save()

20
core/module/user/user.php
View File

@ -184,7 +184,7 @@ class user extends common
{
// Accès refusé
if (
$this->getUser('permission', __CLASS__, __FUNCTION__) === false ||
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true ||
// L'utilisateur n'existe pas
$this->getData(['user', $this->getUrl(2)]) === null
// Groupe insuffisant
@ -231,16 +231,13 @@ class user extends common
public function edit()
{
if (
$this->getUser('permission', __CLASS__, __FUNCTION__) === false
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true
) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . 'user',
'notification' => helper::translate('Action interdite')
'access' => false
]);
}
// Accès refusé
} else {
if (
// L'utilisateur n'existe pas
$this->getData(['user', $this->getUrl(2)]) === null
@ -379,6 +376,7 @@ class user extends common
]);
}
}
}
/**
* Mot de passe perdu
@ -532,14 +530,12 @@ class user extends common
public function profilEdit()
{
if (
$this->getUser('permission', __CLASS__, __FUNCTION__) === false ||
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true ||
$this->checkCSRF()
) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . 'user',
'notification' => helper::translate('Action interdite')
'access' => false
]);
}
@ -805,7 +801,7 @@ class user extends common
public function profilDelete()
{
if (
$this->getUser('permission', __CLASS__, __FUNCTION__) === false ||
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true ||
$this->getData(['profil', $this->getUrl(2), $this->getUrl(3)]) === null
) {
// Valeurs en sortie

56
module/blog/blog.php
View File

@ -317,6 +317,14 @@ class blog extends common
*/
public function comment()
{
if (
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true
) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
} else {
$comments = $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment']);
self::$commentsDelete = template::button('blogCommentDeleteAll', [
'class' => 'blogCommentDeleteAll buttonRed',
@ -365,6 +373,7 @@ class blog extends common
'view' => 'comment'
]);
}
}
/**
* Suppression de commentaire
@ -372,20 +381,15 @@ class blog extends common
public function commentDelete()
{
// Le commentaire n'existe pas
if ($this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment', $this->getUrl(3)]) === null) {
if (
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true ||
$this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment', $this->getUrl(3)]) === null
) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
}
// Action interdite
elseif ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => helper::translate('Action interdite')
]);
}
// Suppression
else {
$this->deleteData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment', $this->getUrl(3)]);
@ -403,12 +407,12 @@ class blog extends common
*/
public function commentDeleteAll()
{
// Action interdite
if ($this->checkCSRF()) {
if (
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true
) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Action interdite'
'access' => false
]);
}
// Suppression
@ -429,20 +433,15 @@ class blog extends common
public function commentApprove()
{
// Le commentaire n'existe pas
if ($this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment', $this->getUrl(3)]) === null) {
if (
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true ||
$this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment', $this->getUrl(3)]) === null
) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
}
// Action interdite
elseif ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => helper::translate('Action interdite')
]);
}
// Inversion du statut
else {
$approved = !$this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment', $this->getUrl(3), 'approval']);
@ -593,8 +592,9 @@ class blog extends common
public function delete()
{
if (
$this->getUser('permission', __CLASS__, __FUNCTION__) === false ||
$this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null) {
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true ||
$this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null
) {
// Valeurs en sortie
$this->addOutput([
'access' => false
@ -617,12 +617,12 @@ class blog extends common
*/
public function edit()
{
// Action interdite
if ($this->checkCSRF()) {
if (
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true
) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => helper::translate('Action interdite')
'access' => false
]);
}
// L'article n'existe pas

21
module/form/form.php
View File

@ -266,12 +266,12 @@ class form extends common
*/
public function export2csv()
{
// Action interdite
if ($this->checkCSRF()) {
if (
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true
) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/data',
'notification' => helper::translate('Action interdite')
'access' => false
]);
} else {
$data = $this->getData(['module', $this->getUrl(0), 'data']);
@ -307,12 +307,12 @@ class form extends common
*/
public function deleteall()
{
// Action interdite
if ($this->checkCSRF()) {
if (
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true
) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/data',
'notification' => helper::translate('Action interdite')
'access' => false
]);
} else {
$data = ($this->getData(['module', $this->getUrl(0), 'data']));
@ -344,11 +344,10 @@ class form extends common
public function delete()
{
// Action interdite
if ($this->getUser('permission', __CLASS__, __FUNCTION__) === false) {
if ($this->getUser('permission', __CLASS__, __FUNCTION__) !== true) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/data',
'notification' => helper::translate('Action interdite')
'access' => false
]);
} else {
// La donnée n'existe pas

18
module/gallery/gallery.php
View File

@ -499,7 +499,7 @@ class gallery extends common
public function delete()
{
// La galerie n'existe pas
if ($this->getUser('permission', __CLASS__, __FUNCTION__) === false ||
if ($this->getUser('permission', __CLASS__, __FUNCTION__) !== true ||
$this->getData(['module', $this->getUrl(0), 'content', $this->getUrl(2)]) === null) {
// Valeurs en sortie
$this->addOutput([
@ -535,14 +535,6 @@ class gallery extends common
*/
public function edit()
{
// Action interdite
if ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => helper::translate('Action interdite')
]);
}
// Soumission du formulaire
if ($this->isPost()) {
@ -845,14 +837,6 @@ class gallery extends common
*/
public function theme()
{
// Action interdite
if ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => helper::translate('Action interdite')
]);
}
// Soumission du formulaire
if ($this->isPost()) {
// Dossier de l'instance

19
module/news/news.php
View File

@ -365,8 +365,10 @@ class news extends common
public function delete()
{
// La news n'existe pas
if ($this->getUser('permission', __CLASS__, __FUNCTION__) === false ||
$this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null) {
if (
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true ||
$this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null
) {
// Valeurs en sortie
$this->addOutput([
'access' => false
@ -389,16 +391,11 @@ class news extends common
*/
public function edit()
{
// Action interdite
if ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => helper::translate('Action interdite')
]);
}
// La news n'existe pas
if ($this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null) {
if (
$this->getUser('permission', __CLASS__, __FUNCTION__) !== true ||
$this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null
) {
// Valeurs en sortie
$this->addOutput([
'access' => false

8
module/redirection/redirection.php
View File

@ -51,10 +51,10 @@ class redirection extends common {
*/
public function index() {
// Message si l'utilisateur peut éditer la page
if(
$this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD')
AND $this->getUser('group') >= self::GROUP_MODERATOR
AND $this->getUrl(1) !== 'force'
if( $this->getUser('permission', __CLASS__, __FUNCTION__) !== true
&& $this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD')
&& $this->getUser('group') >= self::GROUP_MODERATOR
&& $this->getUrl(1) !== 'force'
) {
// Valeurs en sortie
$this->addOutput([