From 6250b7ea002fd99e40d0170d31e7e19e69f97ccd Mon Sep 17 00:00:00 2001
From: Dominik <info@profi-webdesign.net>
Date: Thu, 23 Jan 2014 13:53:43 -0500
Subject: [PATCH] Merge remote-tracking branch 'ispc3master/master'

---
 interface/web/designer/module_nav_edit.php |   98 ++++++++++++++++++++++++-------------------------
 1 files changed, 48 insertions(+), 50 deletions(-)

diff --git a/interface/web/designer/module_nav_edit.php b/interface/web/designer/module_nav_edit.php
index a28554a..e7e63e1 100644
--- a/interface/web/designer/module_nav_edit.php
+++ b/interface/web/designer/module_nav_edit.php
@@ -27,24 +27,22 @@
 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
-require_once('../../lib/config.inc.php');
-require_once('../../lib/app.inc.php');
+require_once '../../lib/config.inc.php';
+require_once '../../lib/app.inc.php';
 
-//* Securoty checkpoint
+//* Security checkpoint
 if($_SESSION['s']['user']['typ'] != 'admin'){
-    die('Admin permissions required.');
+	die('Admin permissions required.');
 }
+if($conf['demo_mode'] == true) $app->error('This function is disabled in demo mode.');
 
-// Checke Berechtigungen f�r Modul
-if(!stristr($_SESSION["s"]["user"]["modules"],$_SESSION["s"]["module"]["name"])) {
-	header("Location: ../index.php");
-	exit;
-}
+//* Check permissions for module
+$app->auth->check_module_permissions('designer');
 
 //* Load template
 $app->uses('tpl');
-$app->tpl->newTemplate("form.tpl.htm");
-$app->tpl->setInclude('content_tpl','templates/module_nav_edit.htm');
+$app->tpl->newTemplate('form.tpl.htm');
+$app->tpl->setInclude('content_tpl', 'templates/module_nav_edit.htm');
 
 // TODO: Check module and nav_id for malicius chars, nav_id can be empty or any number, even 0
 $module_name = $_REQUEST['module_name'];
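Review bot: The admin gate under `//* Security checkpoint` still compares with loose `!=`, which should be strict. On PHP versions before 8 a non-string value such as integer 0 compares equal to 'admin' under loose comparison, so the gate depends on the session always holding a string there, which this hunk does not show. I would write `if($_SESSION['s']['user']['typ'] !== 'admin'){`. The `// TODO: Check module and nav_id for malicius chars` comment is also stale, since the regex checks a few lines further down already do this; it could become `//* module_name and nav_id are validated below before use`.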
@@ -52,61 +50,61 @@
 
 //** Sanity checks of module
 if(!preg_match('/^[A-Za-z0-9_]{1,50}$/', $module_name)){
-    die('module_name contains invalid chars.');
+	die('module_name contains invalid chars.');
 }
 if(!preg_match('/^[A-Za-z0-9_]{0,50}$/', $nav_id)){
-    die('nav_id contains invalid chars.');
+	die('nav_id contains invalid chars.');
 }
 if(empty($module_name)){
-    die('module is empty.');
+	die('module is empty.');
 }
 
 if(count($_POST) > 0) {
 	//* Determine Action
 	$action = ($nav_id != '') ? 'UPDATE' : 'INSERT';
 	$error = '';
-	
+
 	// TODO: Check variables
-	
+
 	if($error == '') {
-	
-		$filename = "../$module_name/lib/module.conf.php";
-		
+
+		$filename = '../'.$module_name.'/lib/module.conf.php';
+
 		if(!@is_file($filename)){
-            die("File not found: $filename");
-        }
-		include_once($filename);
-		
-        $items = ($action == 'UPDATE') ?  $module['nav'][$nav_id]['items'] : array();
-		
+			die("File not found: $filename");
+		}
+		include_once $filename;
+
+		$items = ($action == 'UPDATE') ?  $module['nav'][$nav_id]['items'] : array();
+
 		$tmp = array('title' => $_POST['nav']['title'],
-					 'open' =>  1,
-					 'items' => $items);
-        
+			'open' =>  1,
+			'items' => $items);
+
 		if($action == 'UPDATE') {
 			$module['nav'][$nav_id] = $tmp;
 		} else {
 			$module['nav'][] = $tmp;
 		}
-		
-		$m = "<?php\r\n".'$module = '.var_export($module,true)."\r\n?>";
-				
-		//* writing module.conf
-		if (!$handle = fopen($filename, 'w')) { 
-			die("Cannot open file ($filename)"); 
-		} 
 
-		if (!fwrite($handle, $m)) { 
-			die("Cannot write to file ($filename)"); 
-		} 
-    
+		$m = "<?php\r\n".'$module = '.var_export($module, true)."\r\n?>";
+
+		//* writing module.conf
+		if (!$handle = fopen($filename, 'w')) {
+			die("Cannot open file ($filename)");
+		}
+
+		if (!fwrite($handle, $m)) {
+			die("Cannot write to file ($filename)");
+		}
+
 		fclose($handle);
-		
-		
+
+
 		//* Jump to list
-    	header("Location: module_show.php?id=$module_name");
-        exit;
-			
+		header('Location: module_show.php?id='.urlencode($module_name));
+		exit;
+
 	} else {
 		$app->tpl->setVar('error', '<b>Fehler:</b><br>'.$error);
 		$app->tpl->setVar($_POST);
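Review bot: The POST branch rewrites `module.conf.php`, a file that is later loaded with `include_once`, while `// TODO: Check variables` is still open, so `$_POST['nav']['title']` is persisted without a type or length check and no request-token verification is visible before the write. `var_export` quotes the value, so this is not direct code injection, but an array or oversized value is stored as-is and reaches whatever renders the title later. I would set `$error` when `!is_string($_POST['nav']['title'])` or the title is empty or over a sane length, and verify a per-session token before `fopen`. Separately, the `$` anchor in both `preg_match` patterns also matches before a trailing newline; `\z` (e.g. `'/^[A-Za-z0-9_]{1,50}\z/'`) closes that. The `else` branch continues past the end of this hunk.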
@@ -114,9 +112,9 @@
 }
 
 if($nav_id != '') {
-    //* Data record exists
+	//* Data record exists
 	if($error == '') {
-		include_once("../$module_name/lib/module.conf.php");
+		include_once '../'.$module_name.'/lib/module.conf.php';
 		$record = $module['nav'][$nav_id];
 	} else {
 		//* error
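Review bot: The `include_once` in the `$nav_id != ''` branch has no `is_file` guard, unlike the POST branch that builds the same path, and `$module['nav'][$nav_id]` is read without checking that the key exists. A missing config file or an unknown nav_id therefore produces warnings and an empty `$record` handed to the template instead of a clean error. I would add `if(!isset($module['nav'][$nav_id])) $app->error('nav_id not found.');` right after the include. `$error` also appears to be assigned only inside the `count($_POST) > 0` block, so on a plain GET this test reads an undefined variable; initialising `$error = '';` near the top would fix that, though the lines between the first two hunks are not shown. The if/else continues beyond this hunk.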
@@ -124,13 +122,13 @@
 	}
 	//$record["readonly"] = 'style="background-color: #EEEEEE;" readonly';
 } else {
-    //* New data record
+	//* New data record
 	if($error == '') {
 		//* es liegt kein Fehler vor
 	} else {
 		//* error
 		$record = $_POST;
-		
+
 	}
 	//$record["readonly"] = '';
 }
@@ -140,10 +138,10 @@
 
 $app->tpl->setVar($record);
 
-include_once('lib/lang/'.$_SESSION['s']['language'].'_module_nav_edit.lng');
+include_once 'lib/lang/'.$_SESSION['s']['language'].'_module_nav_edit.lng';
 $app->tpl->setVar($wb);
 
 $app->tpl_defaults();
 $app->tpl->pparse();
 
-?>
\ No newline at end of file
+?>
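Review bot: The language file path is built from `$_SESSION['s']['language']` and passed straight to `include_once` with no format check visible in this hunk. Where that session value is set and validated is not shown, so a guard at the point of use would keep the include safe even if an upstream check is missed, e.g. `if(!preg_match('/^[a-z]{2}\z/', $_SESSION['s']['language'])) die('Invalid language.');`, assuming language codes are two lowercase letters. Since this is a PHP-only file, the closing `?>` could also be dropped so trailing whitespace can never be sent as output.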

--
Gitblit v1.9.1