From dee0e06cdf97fe3265dfd72bd9799b3f6062170c Mon Sep 17 00:00:00 2001 From: nilsteampassnet Date: Fri, 13 Mar 2015 16:49:51 +0100 Subject: [PATCH] Fix for export to offline mode --- admin.settings.php | 2 ++ sources/export.queries.php | 6 ++--- sources/items.queries.php | 46 ++++++++++++++++++++++++++++---------- 3 files changed, 39 insertions(+), 15 deletions(-) diff --git a/admin.settings.php b/admin.settings.php index 8de5de1ee..7f6d64c6b 100644 --- a/admin.settings.php +++ b/admin.settings.php @@ -145,10 +145,12 @@ function updateSettings ($setting, $val, $type = '') if (isset($_SESSION['settings']['enable_favourites']) && $_SESSION['settings']['enable_favourites'] != $_POST['enable_favourites']) { updateSettings('enable_favourites', $_POST['enable_favourites']); } + /* // Update last shown items if (isset($_SESSION['settings']['show_last_items']) && $_SESSION['settings']['show_last_items'] != $_POST['show_last_items']) { updateSettings('show_last_items', $_POST['show_last_items']); } + */ // Update personal feature if (isset($_SESSION['settings']['enable_pf_feature']) && $_SESSION['settings']['enable_pf_feature'] != $_POST['enable_pf_feature']) { updateSettings('enable_pf_feature', $_POST['enable_pf_feature']); diff --git a/sources/export.queries.php b/sources/export.queries.php index fac71b5ef..f92710aa8 100644 --- a/sources/export.queries.php +++ b/sources/export.queries.php @@ -407,7 +407,7 @@ function outPutCsv(&$vals, $key, $filehandler) fclose($outstream); // send back and continue - echo '[{"loop":"true", "number":"'.$objNumber.'", "file":"'.$_SESSION['settings']['url_to_files_folder'].$html_file.'"}]'; + echo '[{"loop":"true", "number":"'.$objNumber.'", "file":"'.$_SESSION['settings']['path_to_files_folder'].$html_file.'" , "file_link":"'.$_SESSION['settings']['url_to_files_folder'].$html_file.'"}]'; break; //CASE export in HTML format - Iteration loop 
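Review bot: The show_last_items handler in admin.settings.php is switched off by wrapping it in `/* … */` with no explanation, so a later maintainer cannot tell whether the setting was retired or the block was parked temporarily. If the field is no longer submitted by the settings form (not visible in this hunk), delete the block; otherwise put a line such as `// disabled: show_last_items is not submitted by this form any more` above it. The enclosing code starts and ends outside the hunk.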
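Review bot: The `"file"` value of the first export response at @@ -407 now carries `$_SESSION['settings']['path_to_files_folder'].$html_file`, so the server's filesystem path is sent to the browser. The @@ -526 hunk echoes `$_POST['file']` back, which suggests the client returns that path on every iteration; if the loop step opens the file named in `$_POST['file']` (the open call is outside these hunks), the write target is chosen by the request. Keeping the name server-side, for example `$_SESSION['export_file'] = $html_file;` (key name constructed for illustration) and rebuilding the path from `path_to_files_folder` plus `basename()` in the loop, would leave only `file_link` for the client. The enclosing case block starts outside the hunk.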
@@ -526,7 +526,7 @@ function outPutCsv(&$vals, $key, $filehandler) fclose($outstream); // send back and continue - echo '[{"loop":"true", "number":"'.$_POST['number'].'", "cpt":"'.$_POST['cpt'].'", "file":"'.$_POST['file'].'", "idsList":"'.$_POST['idsList'].'"}]'; + echo '[{"loop":"true", "number":"'.$_POST['number'].'", "cpt":"'.$_POST['cpt'].'", "file":"'.$_POST['file'].'", "idsList":"'.$_POST['idsList'].'" , "file_link":"'.$_POST['file_link'].'"}]'; break; //CASE export in HTML format - Iteration loop @@ -582,7 +582,7 @@ function hideAll() fclose($outstream); - echo '[{"text":"'.$LANG['pdf_download'].'"}]'; + echo '[{"text":"'.$LANG['pdf_download'].'"}]'; break; } diff --git a/sources/items.queries.php b/sources/items.queries.php index aaad4eac5..f1a404a20 100644 --- a/sources/items.queries.php +++ b/sources/items.queries.php @@ -507,7 +507,7 @@ if (count($field_data)>1 && !empty($field_data[1])) { $dataTmp = DB::queryFirstRow( "SELECT c.title AS title, i.data AS data, i.data_iv AS data_iv - FROM ".prefix_table("categories")."_items AS i + FROM ".prefix_table("categories_items")." AS i INNER JOIN ".prefix_table("categories")." AS c ON (i.field_id=c.id) WHERE i.field_id = %i AND i.item_id = %i", $field_data[0], @@ -522,7 +522,6 @@ array( 'item_id' => $dataReceived['id'], 'field_id' => $field_data[0], - //'data' => encrypt($field_data[1]) //encrypt($randomKeyFields.$field_data[1]) 'data' => $encrypt['string'], 'data_iv' => $encrypt['iv'] ) @@ -540,14 +539,13 @@ ); } else { // compare the old and new value - $oldVal = cryption($dataTmp[1], SALT, $dataTmp['data_iv'], "decrypt"); + $oldVal = cryption($dataTmp['data'], SALT, $dataTmp['data_iv'], "decrypt"); if ($field_data[1] != $oldVal) { $encrypt = cryption($field_data[1], SALT, "", "encrypt"); // update value DB::update( prefix_table('categories_items'), array( - //'data' => encrypt($field_data[1]) 'data' => $encrypt['string'], 'data_iv' => $encrypt['iv'] ), 
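Review bot: The echo at @@ -526 concatenates `$_POST['number']`, `$_POST['cpt']`, `$_POST['file']`, `$_POST['idsList']` and the new `$_POST['file_link']` into a JSON string without escaping, so a quote or backslash in any of them produces malformed JSON or extra keys, and markup if the response is served as HTML. Building the structure and encoding it removes that: `echo json_encode(array(array('loop' => 'true', 'number' => $_POST['number'], 'cpt' => $_POST['cpt'], 'file' => $_POST['file'], 'idsList' => $_POST['idsList'], 'file_link' => $_POST['file_link'])));`. The string-built echo in the @@ -407 hunk would benefit from the same treatment.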
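Review bot: With `$oldVal` now decrypted from `$dataTmp['data']` at @@ -507, the next line `if ($field_data[1] != $oldVal)` decides whether an edited field is stored, and `!=` treats numeric-looking strings such as "1e3" and "1000" as equal, so that kind of edit would be silently skipped. `if ($field_data[1] !== $oldVal)` is the safer test, assuming `cryption(..., "decrypt")` returns a plain string; the encrypt call in this hunk returns an array with `string` and `iv`, so the decrypt return shape is worth confirming. The surrounding block starts and ends outside the hunk.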
@@ -1991,6 +1989,7 @@ // increment array for icons shortcuts (don't do if option is not enabled) if (isset($_SESSION['settings']['copy_to_clipboard_small_icons']) && $_SESSION['settings']['copy_to_clipboard_small_icons'] == 1) { if ($need_sk == true && isset($_SESSION['my_sk'])) { + /* // re-encrypt with new protocol 2.1.23 if (empty($record['pw_iv'])) { $pw = decrypt($record['pw'], mysqli_escape_string($link, stripslashes($_SESSION['my_sk']))); @@ -2008,6 +2007,8 @@ } else { $pw = cryption($record['pw'], $_SESSION['my_sk'], $record['pw_iv'], "decrypt"); } + */ + $pw = cryption($record['pw'], $_SESSION['my_sk'], $record['pw_iv'], "decrypt"); } else { $pw = cryption($record['pw'], SALT, $record['pw_iv'], "decrypt"); } 
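Review bot: The unconditional `$pw = cryption($record['pw'], $_SESSION['my_sk'], $record['pw_iv'], "decrypt");` added at @@ -2008 replaces the branch that handled rows with an empty `pw_iv`, which the @@ -1991 hunk starts commenting out with `/*`. Any personal item still stored in the pre-2.1.23 format would now be decrypted with an empty IV, and the result appears to feed the clipboard shortcut icons; whether such rows still exist cannot be seen here. A guard such as `if (empty($record['pw_iv'])) { $pw = ''; } else { … }` keeps that failure explicit, and the commented-out block should be deleted rather than kept once the migration is confirmed complete. The commented region spans lines outside both hunks.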
@@ -2158,15 +2159,36 @@ * Get complexity level of a group */ case "get_complixity_level": + // get some info about ITEM + $dataItem = DB::queryfirstrow( + "SELECT perso, anyone_can_modify + FROM ".prefix_table("items")." + WHERE id=%i", + $_POST['item_id'] + ); // is user allowed to access this folder - readonly - if (isset($_POST['groupe']) && !empty($_POST['groupe'])) { - if (in_array($_POST['groupe'], $_SESSION['read_only_folders']) || !in_array($_POST['groupe'], $_SESSION['groupes_visibles'])) { - $returnValues = array( - "error" => "user_is_readonly", - "message" => $LANG['error_not_allowed_to'] - ); - echo prepareExchangedData($returnValues, "encode"); - break; + if (isset($_POST['groupe']) && !empty($_POST['groupe'])) { + if (in_array($_POST['groupe'], $_SESSION['read_only_folders']) || !in_array($_POST['groupe'], $_SESSION['groupes_visibles'])) { + // check if this item can be modified by anyone + if (isset($_SESSION['settings']['anyone_can_modify']) && $_SESSION['settings']['anyone_can_modify'] == 1) { + if ($dataItem['anyone_can_modify'] != 1) { + // else return not authorized + $returnValues = array( + "error" => "user_is_readonly", + "message" => $LANG['error_not_allowed_to'] + ); + echo prepareExchangedData($returnValues, "encode"); + break; + } + } else { + // else return not authorized + $returnValues = array( + "error" => "user_is_readonly", + "message" => $LANG['error_not_allowed_to'] + ); + echo prepareExchangedData($returnValues, "encode"); + break; + } } }
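Review bot: The new `anyone_can_modify` exception in `get_complixity_level` is keyed on `$_POST['item_id']`, but nothing ties that item to the folder in `$_POST['groupe']`: both come from the request, and the query selects only `perso` and `anyone_can_modify`. As written, the refusal for read-only or non-visible folders is skipped whenever the named item has the flag set, whichever folder was asked about, and it relaxes the `groupes_visibles` test as well as the read-only one. The query should also return the item's folder column and the override should require it to equal `$_POST['groupe']`; `$dataItem` can also be null when the id is missing, and the two identical error blocks can become one. The column name in the sketch below is a placeholder, not taken from the schema.

```php
// … unchanged: $dataItem query, extended to also select the item's folder column …
if (isset($_POST['groupe']) && !empty($_POST['groupe'])) {
    if (in_array($_POST['groupe'], $_SESSION['read_only_folders']) || !in_array($_POST['groupe'], $_SESSION['groupes_visibles'])) {
        // the per-item override counts only when the item really sits in the requested folder
        $itemIsOpen = isset($_SESSION['settings']['anyone_can_modify'])
            && $_SESSION['settings']['anyone_can_modify'] == 1
            && !empty($dataItem)
            && $dataItem['anyone_can_modify'] == 1
            && $dataItem['FOLDER_COLUMN_PLACEHOLDER'] == $_POST['groupe'];
        if (!$itemIsOpen) {
            $returnValues = array(
                "error" => "user_is_readonly",
                "message" => $LANG['error_not_allowed_to']
            );
            echo prepareExchangedData($returnValues, "encode");
            break;
        }
    }
}
```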