diff --git a/admin.settings.php b/admin.settings.php
index 8de5de1ee..7f6d64c6b 100644
--- a/admin.settings.php
+++ b/admin.settings.php
@@ -145,10 +145,12 @@ function updateSettings ($setting, $val, $type = '')
if (isset($_SESSION['settings']['enable_favourites']) && $_SESSION['settings']['enable_favourites'] != $_POST['enable_favourites']) {
updateSettings('enable_favourites', $_POST['enable_favourites']);
}
+ /*
// Update last shown items
if (isset($_SESSION['settings']['show_last_items']) && $_SESSION['settings']['show_last_items'] != $_POST['show_last_items']) {
updateSettings('show_last_items', $_POST['show_last_items']);
}
+ */
// Update personal feature
if (isset($_SESSION['settings']['enable_pf_feature']) && $_SESSION['settings']['enable_pf_feature'] != $_POST['enable_pf_feature']) {
updateSettings('enable_pf_feature', $_POST['enable_pf_feature']);
diff --git a/sources/export.queries.php b/sources/export.queries.php
index fac71b5ef..f92710aa8 100644
--- a/sources/export.queries.php
+++ b/sources/export.queries.php
@@ -407,7 +407,7 @@ function outPutCsv(&$vals, $key, $filehandler)
fclose($outstream);
// send back and continue
- echo '[{"loop":"true", "number":"'.$objNumber.'", "file":"'.$_SESSION['settings']['url_to_files_folder'].$html_file.'"}]';
+ echo '[{"loop":"true", "number":"'.$objNumber.'", "file":"'.$_SESSION['settings']['path_to_files_folder'].$html_file.'" , "file_link":"'.$_SESSION['settings']['url_to_files_folder'].$html_file.'"}]';
break;
//CASE export in HTML format - Iteration loop
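Review bot: The `file` field of this response now carries `$_SESSION['settings']['path_to_files_folder'].$html_file`, so the server's filesystem path is sent to the browser, and the next hunk shows the client posting it back as `$_POST['file']`. If the later iterations open that posted value for writing (not visible in this hunk), the target path becomes client-controlled. Keep the path on the server, for example in a new session key such as `$_SESSION['export_file'] = $html_file;`, and return only `file_link` to the client. The enclosing `case` starts and ends outside the hunk.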
@@ -526,7 +526,7 @@ function outPutCsv(&$vals, $key, $filehandler)
fclose($outstream);
// send back and continue
- echo '[{"loop":"true", "number":"'.$_POST['number'].'", "cpt":"'.$_POST['cpt'].'", "file":"'.$_POST['file'].'", "idsList":"'.$_POST['idsList'].'"}]';
+ echo '[{"loop":"true", "number":"'.$_POST['number'].'", "cpt":"'.$_POST['cpt'].'", "file":"'.$_POST['file'].'", "idsList":"'.$_POST['idsList'].'" , "file_link":"'.$_POST['file_link'].'"}]';
break;
//CASE export in HTML format - Iteration loop
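Review bot: `$_POST['file_link']` is echoed into the hand-built JSON string unescaped, like the `number`, `cpt`, `file` and `idsList` values next to it, so a quote or backslash in any of them breaks the document or adds keys the client script will then act on. Build the response with `json_encode()`, e.g. `echo json_encode(array(array("loop" => "true", "number" => $_POST['number'], "file_link" => $link)));` with the remaining fields added the same way. Here `$link` should be recomputed from `$_SESSION['settings']['url_to_files_folder']` rather than taken from the request, since the page presumably turns it into a download link. The echo in the previous hunk uses the same concatenation pattern and would benefit from the same change.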
@@ -582,7 +582,7 @@ function hideAll()
fclose($outstream);
- echo '[{"text":"'.$LANG['pdf_download'].'"}]';
+ echo '[{"text":"'.$LANG['pdf_download'].'"}]';
break;
}
diff --git a/sources/items.queries.php b/sources/items.queries.php
index aaad4eac5..f1a404a20 100644
--- a/sources/items.queries.php
+++ b/sources/items.queries.php
@@ -507,7 +507,7 @@
if (count($field_data)>1 && !empty($field_data[1])) {
$dataTmp = DB::queryFirstRow(
"SELECT c.title AS title, i.data AS data, i.data_iv AS data_iv
- FROM ".prefix_table("categories")."_items AS i
+ FROM ".prefix_table("categories_items")." AS i
INNER JOIN ".prefix_table("categories")." AS c ON (i.field_id=c.id)
WHERE i.field_id = %i AND i.item_id = %i",
$field_data[0],
@@ -522,7 +522,6 @@
array(
'item_id' => $dataReceived['id'],
'field_id' => $field_data[0],
- //'data' => encrypt($field_data[1]) //encrypt($randomKeyFields.$field_data[1])
'data' => $encrypt['string'],
'data_iv' => $encrypt['iv']
)
@@ -540,14 +539,13 @@
);
} else {
// compare the old and new value
- $oldVal = cryption($dataTmp[1], SALT, $dataTmp['data_iv'], "decrypt");
+ $oldVal = cryption($dataTmp['data'], SALT, $dataTmp['data_iv'], "decrypt");
if ($field_data[1] != $oldVal) {
$encrypt = cryption($field_data[1], SALT, "", "encrypt");
// update value
DB::update(
prefix_table('categories_items'),
array(
- //'data' => encrypt($field_data[1])
'data' => $encrypt['string'],
'data_iv' => $encrypt['iv']
),
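Review bot: `$field_data[1] != $oldVal` compares the submitted value with the decrypted one loosely, so two different numeric-looking strings such as `"1000"` and `"1e3"` count as equal and the update is silently skipped; `if ($field_data[1] !== (string) $oldVal) {` avoids that. The line also assumes `cryption(..., "decrypt")` returns a plain string, while the encrypt call just below is read as an array (`$encrypt['string']`), so the decrypt return shape is worth confirming. The enclosing block starts and ends outside the hunk.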
@@ -1991,6 +1989,7 @@
// increment array for icons shortcuts (don't do if option is not enabled)
if (isset($_SESSION['settings']['copy_to_clipboard_small_icons']) && $_SESSION['settings']['copy_to_clipboard_small_icons'] == 1) {
if ($need_sk == true && isset($_SESSION['my_sk'])) {
+ /*
// re-encrypt with new protocol 2.1.23
if (empty($record['pw_iv'])) {
$pw = decrypt($record['pw'], mysqli_escape_string($link, stripslashes($_SESSION['my_sk'])));
@@ -2008,6 +2007,8 @@
} else {
$pw = cryption($record['pw'], $_SESSION['my_sk'], $record['pw_iv'], "decrypt");
}
+ */
+ $pw = cryption($record['pw'], $_SESSION['my_sk'], $record['pw_iv'], "decrypt");
} else {
$pw = cryption($record['pw'], SALT, $record['pw_iv'], "decrypt");
}
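Review bot: The added `$pw = cryption($record['pw'], $_SESSION['my_sk'], $record['pw_iv'], "decrypt");` now runs for every personal item, including records whose `pw_iv` is still empty, which the block commented out here used to handle through `decrypt()` and a re-encrypt step. Unless every such row was migrated elsewhere, those passwords are decrypted with an empty IV and will probably come back wrong or empty. Either keep a guard such as `if (empty($record['pw_iv'])) { /* legacy path */ }` or delete the dead block and add a comment stating that the 2.1.23 migration is complete. The commented block opens in the previous hunk and the surrounding loop lies outside both.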
@@ -2158,15 +2159,36 @@
* Get complexity level of a group
*/
case "get_complixity_level":
+ // get some info about ITEM
+ $dataItem = DB::queryfirstrow(
+ "SELECT perso, anyone_can_modify
+ FROM ".prefix_table("items")."
+ WHERE id=%i",
+ $_POST['item_id']
+ );
// is user allowed to access this folder - readonly
- if (isset($_POST['groupe']) && !empty($_POST['groupe'])) {
- if (in_array($_POST['groupe'], $_SESSION['read_only_folders']) || !in_array($_POST['groupe'], $_SESSION['groupes_visibles'])) {
- $returnValues = array(
- "error" => "user_is_readonly",
- "message" => $LANG['error_not_allowed_to']
- );
- echo prepareExchangedData($returnValues, "encode");
- break;
+ if (isset($_POST['groupe']) && !empty($_POST['groupe'])) {
+ if (in_array($_POST['groupe'], $_SESSION['read_only_folders']) || !in_array($_POST['groupe'], $_SESSION['groupes_visibles'])) {
+ // check if this item can be modified by anyone
+ if (isset($_SESSION['settings']['anyone_can_modify']) && $_SESSION['settings']['anyone_can_modify'] == 1) {
+ if ($dataItem['anyone_can_modify'] != 1) {
+ // else return not authorized
+ $returnValues = array(
+ "error" => "user_is_readonly",
+ "message" => $LANG['error_not_allowed_to']
+ );
+ echo prepareExchangedData($returnValues, "encode");
+ break;
+ }
+ } else {
+ // else return not authorized
+ $returnValues = array(
+ "error" => "user_is_readonly",
+ "message" => $LANG['error_not_allowed_to']
+ );
+ echo prepareExchangedData($returnValues, "encode");
+ break;
+ }
}
}
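Review bot: The new `anyone_can_modify` exception in `get_complixity_level` trusts an item chosen by the client: `$dataItem` is loaded by `$_POST['item_id']` alone, and nothing visible checks that the item belongs to the folder in `$_POST['groupe']`, so the flag of any item can stand in for the folder being checked. The exception also covers the `!in_array($_POST['groupe'], $_SESSION['groupes_visibles'])` branch, so it lifts the visibility restriction as well as the read-only one, which looks broader than intended. I would constrain the lookup to the requested folder, apply the flag only to the read-only case, and merge the two identical error blocks, as sketched below. `$_POST['item_id']` is also read without an `isset()` check and the selected `perso` column is unused; the `case` body continues outside the hunk.

```php
// … unchanged: $dataItem lookup, with the WHERE clause additionally tied to the folder in $_POST['groupe'] …
if (isset($_POST['groupe']) && !empty($_POST['groupe'])) {
    $folderVisible = in_array($_POST['groupe'], $_SESSION['groupes_visibles']);
    $folderReadOnly = in_array($_POST['groupe'], $_SESSION['read_only_folders']);
    // the per-item flag may lift a read-only restriction, never a visibility one
    $itemOpenToAll = isset($_SESSION['settings']['anyone_can_modify'])
        && $_SESSION['settings']['anyone_can_modify'] == 1
        && !empty($dataItem)
        && $dataItem['anyone_can_modify'] == 1;
    if (!$folderVisible || ($folderReadOnly && !$itemOpenToAll)) {
        $returnValues = array(
            "error" => "user_is_readonly",
            "message" => $LANG['error_not_allowed_to']
        );
        echo prepareExchangedData($returnValues, "encode");
        break;
    }
}
```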