From 2cb1563f63386b35a69e460051aa9b4a2851d104 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 30 May 2012 07:30:44 -0400
Subject: [PATCH] - Added (clickable) placeholders to client messaging function. - Added check so that the client password isn't inserted into the message (for security reasons).

---
 interface/web/designer/module_nav_edit.php |   20 +++++++++-----------
 1 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/interface/web/designer/module_nav_edit.php b/interface/web/designer/module_nav_edit.php
index a28554a..a7acf40 100644
--- a/interface/web/designer/module_nav_edit.php
+++ b/interface/web/designer/module_nav_edit.php
@@ -30,21 +30,19 @@
 require_once('../../lib/config.inc.php');
 require_once('../../lib/app.inc.php');
 
-//* Securoty checkpoint
+//* Security checkpoint
 if($_SESSION['s']['user']['typ'] != 'admin'){
     die('Admin permissions required.');
 }
+if($conf['demo_mode'] == true) $app->error('This function is disabled in demo mode.');
 
-// Checke Berechtigungen f�r Modul
-if(!stristr($_SESSION["s"]["user"]["modules"],$_SESSION["s"]["module"]["name"])) {
-	header("Location: ../index.php");
-	exit;
-}
+//* Check permissions for module
+$app->auth->check_module_permissions('designer');
 
 //* Load template
 $app->uses('tpl');
-$app->tpl->newTemplate("form.tpl.htm");
-$app->tpl->setInclude('content_tpl','templates/module_nav_edit.htm');
+$app->tpl->newTemplate('form.tpl.htm');
+$app->tpl->setInclude('content_tpl', 'templates/module_nav_edit.htm');
 
 // TODO: Check module and nav_id for malicius chars, nav_id can be empty or any number, even 0
 $module_name = $_REQUEST['module_name'];
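Review bot: `$module_name` is still read straight from `$_REQUEST` on the last line of this hunk and the TODO above it stays open, while the later hunks of this commit keep concatenating the value into the `is_file()` path and the `include_once()` path. A value containing `../` or other path characters would decide which file is tested and included, so the check belongs directly after the assignment, e.g. `if(!preg_match('/^[a-z0-9_]+$/i', $module_name)) die('Invalid module name.');` (this assumes module directory names are plain alphanumerics, so confirm against the existing modules). `nav_id` needs the matching check the TODO describes, accepting only an empty value or digits. The script continues past the end of this hunk, so any other use of these two variables is not visible here.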
@@ -70,7 +68,7 @@
 	
 	if($error == '') {
 	
-		$filename = "../$module_name/lib/module.conf.php";
+		$filename = '../'.$module_name.'/lib/module.conf.php';
 		
 		if(!@is_file($filename)){
             die("File not found: $filename");
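Review bot: The `die("File not found: $filename")` line kept as context here prints a path built from the request's `module_name` into the response without escaping, so markup in that parameter is reflected to the browser. Escaping at the point of output closes this independently of any input validation: `die('File not found: '.htmlspecialchars($filename, ENT_QUOTES, 'UTF-8'));`. The `@` in front of `is_file()` also suppresses warnings that would otherwise flag a malformed path in the logs, so consider dropping it. The enclosing `if($error == '')` block starts and ends outside this hunk.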
@@ -104,7 +102,7 @@
 		
 		
 		//* Jump to list
-    	header("Location: module_show.php?id=$module_name");
+    	header('Location: module_show.php?id='.urlencode($module_name));
         exit;
 			
 	} else {
@@ -116,7 +114,7 @@
 if($nav_id != '') {
     //* Data record exists
 	if($error == '') {
-		include_once("../$module_name/lib/module.conf.php");
+		include_once('../'.$module_name.'/lib/module.conf.php');
 		$record = $module['nav'][$nav_id];
 	} else {
 		//* error

--
Gitblit v1.9.1