Révision 6eb8d15f
Ajouté par Assos Assos il y a presque 10 ans
drupal7/sites/all/modules/imce/inc/imce.admin.inc | ||
---|---|---|
35 | 35 |
'#attributes' => array('id' => 'imce-profiles-list'), |
36 | 36 |
); |
37 | 37 |
$output['form'] = drupal_get_form('imce_admin_form'); |
38 |
|
|
39 |
// Display security warnings |
|
40 |
if (empty($_POST)) { |
|
41 |
$roles = variable_get('imce_roles_profiles', array()); |
|
42 |
if (!empty($roles[DRUPAL_ANONYMOUS_RID]['public_pid']) || !empty($roles[DRUPAL_ANONYMOUS_RID]['private_pid'])) { |
|
43 |
drupal_set_message(t('Anonymous user role has access to IMCE.') . ' ' . t('Make sure this is not a misconfiguration.'), 'warning'); |
|
44 |
} |
|
45 |
if (imce_admin_check_wildcard_upload(DRUPAL_AUTHENTICATED_RID, $roles)) { |
|
46 |
drupal_set_message(t('Authenticated user role is assigned a configuration profile with unrestricted file extensions.') . ' ' . t('Make sure this is not a misconfiguration.'), 'warning'); |
|
47 |
} |
|
48 |
} |
|
49 |
|
|
38 | 50 |
return $output; |
39 | 51 |
} |
40 | 52 |
|
... | ... | |
146 | 158 |
return $output; |
147 | 159 |
} |
148 | 160 |
|
161 |
/** |
|
162 |
* Validate admin form. |
|
163 |
*/ |
|
164 |
function imce_admin_form_validate($form, &$form_state) { |
|
165 |
$roles = $form_state['values']['roles']; |
|
166 |
// Check anonymous profile. Do not allow wildcard upload. |
|
167 |
if ($key = imce_admin_check_wildcard_upload(DRUPAL_ANONYMOUS_RID, $roles)) { |
|
168 |
form_error($form['roles'][DRUPAL_ANONYMOUS_RID][$key], t('Anonymous user role can not have a configuration profile with unrestricted file extensions.')); |
|
169 |
} |
|
170 |
} |
|
171 |
|
|
149 | 172 |
/** |
150 | 173 |
* Submit admin form. |
151 | 174 |
*/ |
... | ... | |
173 | 196 |
return drupal_get_form('imce_profile_delete_form', $pid); |
174 | 197 |
} |
175 | 198 |
//add-edit |
176 |
if ($pid != 1 || $GLOBALS['user']->uid == 1) {
|
|
199 |
if ($op === 'add' || $op === 'edit') {
|
|
177 | 200 |
return drupal_get_form('imce_profile_form', $pid); |
178 | 201 |
} |
179 | 202 |
drupal_access_denied(); |
... | ... | |
688 | 711 |
return $r1['weight']-$r2['weight']; |
689 | 712 |
} |
690 | 713 |
|
714 |
/** |
|
715 |
* Checks if the given role can upload all extensions. |
|
716 |
*/ |
|
717 |
function imce_admin_check_wildcard_upload($rid, $conf = NULL) { |
|
718 |
if (!isset($conf)) { |
|
719 |
$conf = variable_get('imce_roles_profiles', array()); |
|
720 |
} |
|
721 |
if (!empty($conf[$rid])) { |
|
722 |
foreach ($conf[$rid] as $key => $pid) { |
|
723 |
if ($pid && substr($key, -4) == '_pid') { |
|
724 |
if ($profile = imce_load_profile($pid)) { |
|
725 |
if ($profile['extensions'] === '*' && !empty($profile['directories'])) { |
|
726 |
foreach ($profile['directories'] as $dirconf) { |
|
727 |
if (!empty($dirconf['upload'])) { |
|
728 |
return $key; |
|
729 |
} |
|
730 |
} |
|
731 |
} |
|
732 |
} |
|
733 |
} |
|
734 |
} |
|
735 |
} |
|
736 |
return FALSE; |
|
737 |
} |
|
738 |
|
|
691 | 739 |
//Include core profile functions. |
692 | 740 |
include_once DRUPAL_ROOT . '/' . drupal_get_path('module', 'imce') . '/inc/imce.core.profiles.inc'; |
Formats disponibles : Unified diff
Weekly update of contrib modules