apps: Fix URL navigation issues when using a plugin app
Jared Hancock committed Dec 18, 2015
1 parent f665f9d commit 259d3a8
Showing 6 changed files with 42 additions and 31 deletions.
16 changes: 8 additions & 8 deletions include/staff/footer.inc.php
@@ -8,7 +8,7 @@
if(is_object($thisstaff) && $thisstaff->isStaff()) { ?>
<div>
<!-- Do not remove <img src="autocron.php" alt="" width="1" height="1" border="0" /> or your auto cron will cease to function -->
<img src="autocron.php" alt="" width="1" height="1" border="0" />
<img src="<?php echo ROOT_PATH; ?>scp/autocron.php" alt="" width="1" height="1" border="0" />
<!-- Do not remove <img src="autocron.php" alt="" width="1" height="1" border="0" /> or your auto cron will cease to function -->
</div>
<?php
@@ -41,20 +41,20 @@
</div>

<script type="text/javascript" src="<?php echo ROOT_PATH; ?>js/jquery.pjax.js"></script>
<script type="text/javascript" src="./js/bootstrap-typeahead.js"></script>
<script type="text/javascript" src="./js/scp.js"></script>
<script type="text/javascript" src="<?php echo ROOT_PATH; ?>scp/js/bootstrap-typeahead.js"></script>
<script type="text/javascript" src="<?php echo ROOT_PATH; ?>scp/js/scp.js"></script>
<script type="text/javascript" src="<?php echo ROOT_PATH; ?>js/jquery-ui-1.10.3.custom.min.js"></script>
<script type="text/javascript" src="<?php echo ROOT_PATH; ?>js/filedrop.field.js"></script>
<script type="text/javascript" src="<?php echo ROOT_PATH; ?>js/select2.min.js"></script>
<script type="text/javascript" src="./js/tips.js"></script>
<script type="text/javascript" src="<?php echo ROOT_PATH; ?>scp/js/tips.js"></script>
<script type="text/javascript" src="<?php echo ROOT_PATH; ?>js/redactor.min.js"></script>
<script type="text/javascript" src="<?php echo ROOT_PATH; ?>js/redactor-osticket.js"></script>
<script type="text/javascript" src="<?php echo ROOT_PATH; ?>js/redactor-plugins.js"></script>
<script type="text/javascript" src="./js/jquery.translatable.js"></script>
<script type="text/javascript" src="./js/jquery.dropdown.js"></script>
<script type="text/javascript" src="./js/bootstrap-tooltip.js"></script>
<script type="text/javascript" src="<?php echo ROOT_PATH; ?>scp/js/jquery.translatable.js"></script>
<script type="text/javascript" src="<?php echo ROOT_PATH; ?>scp/js/jquery.dropdown.js"></script>
<script type="text/javascript" src="<?php echo ROOT_PATH; ?>scp/js/bootstrap-tooltip.js"></script>
<script type="text/javascript" src="<?php echo ROOT_PATH; ?>js/fabric.min.js"></script>
<link type="text/css" rel="stylesheet" href="./css/tooltip.css">
<link type="text/css" rel="stylesheet" href="<?php echo ROOT_PATH; ?>scp/css/tooltip.css">
<script type="text/javascript">
getConfig().resolve(<?php
include INCLUDE_DIR . 'ajax.config.php';
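Review bot: The two `Do not remove <img src="autocron.php" ...>` comments around the autocron image in the first hunk still quote the old relative tag, so they no longer match the element they protect. Reword both to name the file only, e.g. `<!-- Do not remove the autocron.php image below or your auto cron will cease to function -->`. In the second hunk the literal `scp/` is now repeated on every staff asset URL; a single constant for the staff base URL would keep these lines from drifting apart. `ROOT_PATH` is echoed into attributes unescaped, as on the existing lines, which is safe only if it is never derived from request data; its definition is not visible in this diff.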
20 changes: 10 additions & 10 deletions include/staff/header.inc.php
@@ -25,21 +25,21 @@
<![endif]-->
<script type="text/javascript" src="<?php echo ROOT_PATH; ?>js/jquery-1.11.2.min.js"></script>
<link rel="stylesheet" href="<?php echo ROOT_PATH ?>css/thread.css" media="all">
<link rel="stylesheet" href="./css/scp.css" media="all">
<link rel="stylesheet" href="<?php echo ROOT_PATH ?>scp/css/scp.css" media="all">
<link rel="stylesheet" href="<?php echo ROOT_PATH; ?>css/redactor.css" media="screen">
<link rel="stylesheet" href="./css/typeahead.css" media="screen">
<link rel="stylesheet" href="<?php echo ROOT_PATH ?>scp/css/typeahead.css" media="screen">
<link type="text/css" href="<?php echo ROOT_PATH; ?>css/ui-lightness/jquery-ui-1.10.3.custom.min.css"
rel="stylesheet" media="screen" />
<link type="text/css" rel="stylesheet" href="<?php echo ROOT_PATH; ?>css/font-awesome.min.css">
<!--[if IE 7]>
<link rel="stylesheet" href="<?php echo ROOT_PATH; ?>css/font-awesome-ie7.min.css">
<![endif]-->
<link type="text/css" rel="stylesheet" href="./css/dropdown.css">
<link type="text/css" rel="stylesheet" href="<?php echo ROOT_PATH ?>scp/css/dropdown.css">
<link type="text/css" rel="stylesheet" href="<?php echo ROOT_PATH; ?>css/loadingbar.css"/>
<link type="text/css" rel="stylesheet" href="<?php echo ROOT_PATH; ?>css/flags.css">
<link type="text/css" rel="stylesheet" href="<?php echo ROOT_PATH; ?>css/select2.min.css">
<link type="text/css" rel="stylesheet" href="<?php echo ROOT_PATH; ?>css/rtl.css"/>
<link type="text/css" rel="stylesheet" href="./css/translatable.css"/>
<link type="text/css" rel="stylesheet" href="<?php echo ROOT_PATH ?>scp/css/translatable.css"/>

<?php
if($ost && ($headers=$ost->getExtraHeaders())) {
@@ -61,16 +61,16 @@
<p id="info" class="pull-right no-pjax"><?php echo sprintf(__('Welcome, %s.'), '<strong>'.$thisstaff->getFirstName().'</strong>'); ?>
<?php
if($thisstaff->isAdmin() && !defined('ADMINPAGE')) { ?>
| <a href="admin.php" class="no-pjax"><?php echo __('Admin Panel'); ?></a>
| <a href="<?php echo ROOT_PATH ?>scp/admin.php" class="no-pjax"><?php echo __('Admin Panel'); ?></a>
<?php }else{ ?>
| <a href="index.php" class="no-pjax"><?php echo __('Agent Panel'); ?></a>
| <a href="<?php echo ROOT_PATH ?>scp/index.php" class="no-pjax"><?php echo __('Agent Panel'); ?></a>
<?php } ?>
| <a href="profile.php"><?php echo __('Profile'); ?></a>
| <a href="logout.php?auth=<?php echo $ost->getLinkToken(); ?>" class="no-pjax"><?php echo __('Log Out'); ?></a>
| <a href="<?php echo ROOT_PATH ?>scp/profile.php"><?php echo __('Profile'); ?></a>
| <a href="<?php echo ROOT_PATH ?>scp/logout.php?auth=<?php echo $ost->getLinkToken(); ?>" class="no-pjax"><?php echo __('Log Out'); ?></a>
</p>
<a href="index.php" class="no-pjax" id="logo">
<a href="<?php echo ROOT_PATH ?>scp/index.php" class="no-pjax" id="logo">
<span class="valign-helper"></span>
<img src="logo.php?<?php echo strtotime($cfg->lastModified('staff_logo_id')); ?>" alt="osTicket &mdash; <?php echo __('Customer Support System'); ?>"/>
<img src="<?php echo ROOT_PATH ?>scp/logo.php?<?php echo strtotime($cfg->lastModified('staff_logo_id')); ?>" alt="osTicket &mdash; <?php echo __('Customer Support System'); ?>"/>
</a>
</div>
<div id="pjax-container" class="<?php if ($_POST) echo 'no-pjax'; ?>">
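Review bot: The new `href`/`src` lines in both hunks write `<?php echo ROOT_PATH ?>` without the semicolon, while the untouched lines beside them use `<?php echo ROOT_PATH; ?>`; pick one form, e.g. `<link rel="stylesheet" href="<?php echo ROOT_PATH; ?>scp/css/scp.css" media="all">`. In the second hunk the log-out link still carries `auth=<?php echo $ost->getLinkToken(); ?>` in the query string, where it can end up in access logs and Referer headers. What `getLinkToken()` returns is not visible here, so it is worth confirming the token is safe to expose that way now that the link is emitted as an absolute URL.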
4 changes: 4 additions & 0 deletions include/staff/templates/navigation.tmpl.php
@@ -1,6 +1,8 @@
<?php
if(($tabs=$nav->getTabs()) && is_array($tabs)){
foreach($tabs as $name =>$tab) {
if ($tab['href'][0] != '/')
$tab['href'] = ROOT_PATH . 'scp/' . $tab['href'];
echo sprintf('<li class="%s %s"><a href="%s">%s</a>',
$tab['active'] ? 'active':'inactive',
@$tab['class'] ?: '',
@@ -10,6 +12,8 @@
foreach($subnav as $k => $item) {
if (!($id=$item['id']))
$id="nav$k";
if ($item['href'][0] != '/')
$item['href'] = ROOT_PATH . 'scp/' . $item['href'];

echo sprintf(
'<li><a class="%s" href="%s" title="%s" id="%s">%s</a></li>',
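Review bot: The prefix check `$tab['href'][0] != '/'` in the first hunk, and the same test on `$item['href']` in the second, looks only at the first character. An empty href therefore raises an uninitialized-offset notice, and an href that is already a full URL with a scheme gets `ROOT_PATH . 'scp/'` glued in front of it. These hrefs may come from plugin-registered apps, so guard both cases, for example `if ($tab['href'] !== '' && $tab['href'][0] !== '/' && !preg_match('~^[a-z][a-z0-9+.-]*:~i', $tab['href']))`. The value is then passed to `sprintf` inside `href="%s"`; whether it is HTML-escaped first is outside the visible lines and should be confirmed. Both foreach bodies continue past the hunks.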
2 changes: 1 addition & 1 deletion scp/admin.inc.php
@@ -13,7 +13,7 @@
vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
require('staff.inc.php');
require_once 'staff.inc.php';
//Make sure config is loaded and the staff is set and of admin type
if(!$ost or !$thisstaff or !$thisstaff->isAdmin()){
header('Location: index.php');
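Review bot: The failure branch of the admin check still sends `header('Location: index.php');`, a relative target. This commit also starts requiring admin.inc.php from scp/apps/dispatcher.php, where that path no longer resolves to the staff index. Use the form the commit introduces in staff.inc.php instead: `Http::redirect(ROOT_PATH.'scp/index.php');`. Whether the branch stops execution after the header is outside the hunk; an admin gate that redirects without exiting would let the rest of the script run for a non-admin, so that should be checked as well.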
27 changes: 16 additions & 11 deletions scp/apps/dispatcher.php
@@ -14,27 +14,32 @@
vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
# Override staffLoginPage() defined in staff.inc.php to return an
# HTTP/Forbidden status rather than the actual login page.
# XXX: This should be moved to the AjaxController class
function staffLoginPage($msg='Unauthorized') {
Http::response(403,'Must login: '.Format::htmlchars($msg));
exit;
}
if (basename($_SERVER['SCRIPT_NAME'])==basename(__FILE__))


poctob Sep 11, 2018

This actually breaks all navigation from the Applications menu. If a plugin registers a staff app with a URL of 'apps/myawesomeplugin', clicking on the link will always result in Access Denied.


bengearig Dec 15, 2019

Has this been resolved? Perhaps I am using the plugin mechanism incorrectly, but I have had to comment this block out otherwise my app plugin is unusable.

die('Access denied'); //Say hi to our friend..

require('staff.inc.php');


poctob Sep 11, 2018

this will always error out too, this file is one directory up


//Clean house...don't let the world see your crap.
ini_set('display_errors','0'); //Disable error display
ini_set('display_startup_errors','0');
#ini_set('display_errors','0'); //Disable error display
#ini_set('display_startup_errors','0');

//TODO: disable direct access via the browser? i,e All request must have REFER?
if(!defined('INCLUDE_DIR')) Http::response(500, 'Server configuration error');

require_once INCLUDE_DIR.'/class.dispatcher.php';
$dispatcher = new Dispatcher();

Signal::send('apps.scp', $dispatcher);
$PI = $ost->get_path_info();
if (strpos(strtolower($PI), '/admin/') === 0) {
require('admin.inc.php');
$PI = substr($PI, 6);
Signal::send('apps.admin', $dispatcher);
}
else {
Signal::send('apps.scp', $dispatcher);
}

$nav->setActiveTab('apps');

# Call the respective function
print $dispatcher->resolve($ost->get_path_info());
print $dispatcher->resolve($PI);
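Review bot: The `ini_set('display_errors','0')` and `ini_set('display_startup_errors','0')` calls appear to be commented out with `#` on the new side, which looks like a debugging leftover. With them disabled this endpoint shows PHP errors whenever the server default allows it, which can expose file paths and plugin internals to the browser. Restore `ini_set('display_errors','0');` and `ini_set('display_startup_errors','0');`, or remove the lines and add a comment saying where error display is turned off instead. Separately, the admin branch matches `'/admin/'` only with the trailing slash, so a path of exactly `/admin` takes the `apps.scp` branch; a one-line comment stating that this is intended would help.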
4 changes: 3 additions & 1 deletion scp/staff.inc.php
@@ -49,7 +49,9 @@ function staffLoginPage($msg) {
$_SESSION['_staff']['auth']['dest'] =
'/' . ltrim($_SERVER['REQUEST_URI'], '/');
$_SESSION['_staff']['auth']['msg']=$msg;
require(SCP_DIR.'login.php');

// Redirect here with full path for application-type plugins
Http::redirect(ROOT_PATH.'scp/login.php');
exit;
}
}
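Review bot: The destination saved just above the new redirect, `'/' . ltrim($_SERVER['REQUEST_URI'], '/')`, is built from a client-controlled value and has no comment explaining the normalisation. Add one such as `// Force exactly one leading slash so the saved destination is always a site-relative path`, since that property is presumably what keeps the post-login redirect on this host. The code that reads `$_SESSION['_staff']['auth']['dest']` after login is not in this hunk and should be confirmed to treat the value as a path only. staffLoginPage begins above the hunk.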
