
Retrieve parameters from $_POST in server_user_groups.php

Signed-off-by: Maurício Meneghini Fauth <mauriciofauth@gmail.com>
mauriciofauth committed Nov 3, 2018
1 parent 79548c0 commit 89db84213ba1b2b38387632c884c6fe64166f512
Showing with 30 additions and 24 deletions.
  1. +10 −7 libraries/classes/Server/UserGroups.php
  2. +11 −11 server_user_groups.php
  3. +9 −6 test/classes/Server/UserGroupsTest.php
@@ -110,31 +110,34 @@ public static function getHtmlForUserGroupsTable()
$html_output .= '<td>' . self::getAllowedTabNames($tabs, 'table') . '</td>';
$html_output .= '<td>';
$html_output .= '<a class="" href="server_user_groups.php'
$html_output .= '<a class="" href="server_user_groups.php" data-post="'
. Url::getCommon(
array(
'viewUsers' => 1, 'userGroup' => $groupName
)
),
''
)
. '">'
. Util::getIcon('b_usrlist', __('View users'))
. '</a>';
$html_output .= '&nbsp;&nbsp;';
$html_output .= '<a class="" href="server_user_groups.php'
$html_output .= '<a class="" href="server_user_groups.php" data-post="'
. Url::getCommon(
array(
'editUserGroup' => 1, 'userGroup' => $groupName
)
),
''
)
. '">'
. Util::getIcon('b_edit', __('Edit')) . '</a>';
$html_output .= '&nbsp;&nbsp;';
$html_output .= '<a class="deleteUserGroup ajax"'
. ' href="server_user_groups.php'
. ' href="server_user_groups.php" data-post="'
. Url::getCommon(
array(
'deleteUserGroup' => 1, 'userGroup' => $groupName
)
),
''
)
. '">'
. Util::getIcon('b_drop', __('Delete')) . '</a>';
@@ -364,7 +367,7 @@ public static function edit($userGroup, $new = false)
$sql_query .= ", ";
}
$tabName = $tabGroupName . '_' . $tab;
$allowed = isset($_REQUEST[$tabName]) && $_REQUEST[$tabName] == 'Y';
$allowed = isset($_POST[$tabName]) && $_POST[$tabName] == 'Y';
$sql_query .= "('" . $GLOBALS['dbi']->escapeString($userGroup) . "', '" . $tabName . "', '"
. ($allowed ? "Y" : "N") . "')";
$first = false;
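Review bot: In the second hunk (`edit()`), `$tabName` is concatenated into `$sql_query` unescaped, while `$userGroup` in the same statement goes through `escapeString()`. The value is built as `$tabGroupName . '_' . $tab`, and where those two come from is outside the hunk; if both are taken from fixed internal lists the statement is safe today, but escaping it the same way keeps it safe if that ever changes: `"', '" . $GLOBALS['dbi']->escapeString($tabName) . "', '"`. The new `$_POST[$tabName] == 'Y'` test would also be clearer as a strict `=== 'Y'`, since a request value can arrive as an array as well as a string. `edit()` starts and ends outside the hunk.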
@@ -40,35 +40,35 @@
/**
* Delete user group
*/
if (! empty($_REQUEST['deleteUserGroup'])) {
UserGroups::delete($_REQUEST['userGroup']);
if (! empty($_POST['deleteUserGroup'])) {
UserGroups::delete($_POST['userGroup']);
}
/**
* Add a new user group
*/
if (! empty($_REQUEST['addUserGroupSubmit'])) {
UserGroups::edit($_REQUEST['userGroup'], true);
if (! empty($_POST['addUserGroupSubmit'])) {
UserGroups::edit($_POST['userGroup'], true);
}
/**
* Update a user group
*/
if (! empty($_REQUEST['editUserGroupSubmit'])) {
UserGroups::edit($_REQUEST['userGroup']);
if (! empty($_POST['editUserGroupSubmit'])) {
UserGroups::edit($_POST['userGroup']);
}
if (isset($_REQUEST['viewUsers'])) {
if (isset($_POST['viewUsers'])) {
// Display users belonging to a user group
$response->addHTML(UserGroups::getHtmlForListingUsersofAGroup($_REQUEST['userGroup']));
$response->addHTML(UserGroups::getHtmlForListingUsersofAGroup($_POST['userGroup']));
}
if (isset($_REQUEST['addUserGroup'])) {
if (isset($_GET['addUserGroup'])) {
// Display add user group dialog
$response->addHTML(UserGroups::getHtmlToEditUserGroup());
} elseif (isset($_REQUEST['editUserGroup'])) {
} elseif (isset($_POST['editUserGroup'])) {
// Display edit user group dialog
$response->addHTML(UserGroups::getHtmlToEditUserGroup($_REQUEST['userGroup']));
$response->addHTML(UserGroups::getHtmlToEditUserGroup($_POST['userGroup']));
} else {
// Display user groups table
$response->addHTML(UserGroups::getHtmlForUserGroupsTable());
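Review bot: Each action branch reads `$_POST['userGroup']` without checking that the field is present or that it is a string; the delete branch, for example, tests only `$_POST['deleteUserGroup']` before calling `UserGroups::delete($_POST['userGroup'])`. A request that omits the field or sends it as an array hands null or an array to `delete()`, `edit()` and the two HTML helpers. Computing it once near the top, `$userGroup = isset($_POST['userGroup']) && is_string($_POST['userGroup']) ? $_POST['userGroup'] : null;`, and skipping the state-changing branches when it is null would close that gap. Separately, moving these actions from `$_REQUEST` to `$_POST` only protects against cross-site requests if the request token is verified for POST before this code runs; that check is not visible in this hunk.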
@@ -124,33 +124,36 @@ public function testGetHtmlForUserGroupsTableWithUserGroups()
'<td>usergroup</td>',
$html
);
$url_tag = '<a class="" href="server_user_groups.php'
$url_tag = '<a class="" href="server_user_groups.php" data-post="'
. Url::getCommon(
array(
'viewUsers'=>1, 'userGroup'=>htmlspecialchars('usergroup')
)
),
''
);
$this->assertContains(
$url_tag,
$html
);
$url_tag = '<a class="" href="server_user_groups.php'
$url_tag = '<a class="" href="server_user_groups.php" data-post="'
. Url::getCommon(
array(
'editUserGroup'=>1,
'userGroup'=>htmlspecialchars('usergroup')
)
),
''
);
$this->assertContains(
$url_tag,
$html
);
$url_tag = '<a class="deleteUserGroup ajax" href="server_user_groups.php'
$url_tag = '<a class="deleteUserGroup ajax" href="server_user_groups.php" data-post="'
. Url::getCommon(
array(
'deleteUserGroup'=> 1,
'userGroup'=>htmlspecialchars('usergroup')
)
),
""
);
$this->assertContains(
$url_tag,
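Review bot: The three updated expectations end right after the `Url::getCommon(..., '')` output, so they never cover the closing `">` of the new `data-post` attribute; an unterminated attribute in `getHtmlForUserGroupsTable()` would still pass these assertions. Appending `. '">'` to each `$url_tag` would pin the complete opening tag. The third call also passes `""` where the first two pass `''`; using `''` throughout keeps the file consistent. Nothing visible in this section exercises the switch from `$_REQUEST` to `$_POST` in `edit()`, and the test method itself continues outside the hunk.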
