From a5b276444c1e2fa9c960131723ffd6955fb92f48 Mon Sep 17 00:00:00 2001
From: karailiev <karailiev@ispconfig3>
Date: Tue, 11 Aug 2009 15:20:21 -0400
Subject: [PATCH] ticket 827 For some reason till has made the version number not to load when no user is logged in. Due to ajax login the version number remains not loaded even after login until the whole page is reloaded. I didn't find any comment why is this done, so I revert it.

---
 interface/web/designer/module_nav_edit.php |  107 ++++++++++++++++++++++++-----------------------------
 1 files changed, 49 insertions(+), 58 deletions(-)

diff --git a/interface/web/designer/module_nav_edit.php b/interface/web/designer/module_nav_edit.php
index 973692c..73c010e 100644
--- a/interface/web/designer/module_nav_edit.php
+++ b/interface/web/designer/module_nav_edit.php
@@ -30,126 +30,117 @@
 require_once('../../lib/config.inc.php');
 require_once('../../lib/app.inc.php');
 
-if($_SESSION["s"]["user"]["typ"] != "admin") die("Admin permissions required.");
-
-// Checke Berechtigungen f�r Modul
-if(!stristr($_SESSION["s"]["user"]["modules"],$_SESSION["s"]["module"]["name"])) {
-	header("Location: ../index.php");
-	exit;
+//* Security checkpoint
+if($_SESSION['s']['user']['typ'] != 'admin'){
+    die('Admin permissions required.');
 }
 
-// Lade Template
+//* Check permissions for module
+$app->auth->check_module_permissions('designer');
+
+//* Load template
 $app->uses('tpl');
-$app->tpl->newTemplate("form.tpl.htm");
-$app->tpl->setInclude('content_tpl','templates/module_nav_edit.htm');
+$app->tpl->newTemplate('form.tpl.htm');
+$app->tpl->setInclude('content_tpl', 'templates/module_nav_edit.htm');
 
 // TODO: Check module and nav_id for malicius chars, nav_id can be empty or any number, even 0
-$module_name = $_REQUEST["module_name"];
-$nav_id = $_REQUEST["nav_id"];
+$module_name = $_REQUEST['module_name'];
+$nav_id = $_REQUEST['nav_id'];
 
-if(!preg_match('/^[A-Za-z0-9_]{1,50}$/',$module_name)) die("module_name contains invalid chars.");
-if(!preg_match('/^[A-Za-z0-9_]{0,50}$/',$nav_id)) die("nav_id contains invalid chars.");
-
-if(empty($module_name)) die("module is empty.");
+//** Sanity checks of module
+if(!preg_match('/^[A-Za-z0-9_]{1,50}$/', $module_name)){
+    die('module_name contains invalid chars.');
+}
+if(!preg_match('/^[A-Za-z0-9_]{0,50}$/', $nav_id)){
+    die('nav_id contains invalid chars.');
+}
+if(empty($module_name)){
+    die('module is empty.');
+}
 
 if(count($_POST) > 0) {
-	// Bestimme aktion
-	if($nav_id != '') {
-		$action = 'UPDATE';
-	} else {
-		$action = 'INSERT';
-	}
-	
+	//* Determine Action
+	$action = ($nav_id != '') ? 'UPDATE' : 'INSERT';
 	$error = '';
 	
 	// TODO: Check variables
-
 	
 	if($error == '') {
 	
-		$filename = "../".$module_name."/lib/module.conf.php";
+		$filename = '../'.$module_name.'/lib/module.conf.php';
 		
-		if(!@is_file($filename)) die("File not found: $filename");
+		if(!@is_file($filename)){
+            die("File not found: $filename");
+        }
 		include_once($filename);
 		
-		if($action == 'UPDATE') {
-			$items = $module["nav"][$nav_id]["items"];
-		} else {
-			$items = array();
-		}
+        $items = ($action == 'UPDATE') ?  $module['nav'][$nav_id]['items'] : array();
 		
-		$tmp = array('title' =>$_POST["nav"]["title"],
-					 'open' => 1,
+		$tmp = array('title' => $_POST['nav']['title'],
+					 'open' =>  1,
 					 'items' => $items);
-		
+        
 		if($action == 'UPDATE') {
-			$module["nav"][$nav_id] = $tmp;
+			$module['nav'][$nav_id] = $tmp;
 		} else {
-			$module["nav"][] = $tmp;
+			$module['nav'][] = $tmp;
 		}
 		
 		$m = "<?php\r\n".'$module = '.var_export($module,true)."\r\n?>";
 				
-		// writing module.conf
+		//* writing module.conf
 		if (!$handle = fopen($filename, 'w')) { 
-			print "Cannot open file ($filename)"; 
-			exit; 
+			die("Cannot open file ($filename)"); 
 		} 
 
 		if (!fwrite($handle, $m)) { 
-			print "Cannot write to file ($filename)"; 
-			exit; 
+			die("Cannot write to file ($filename)"); 
 		} 
     
 		fclose($handle);
 		
 		
-		// zu Liste springen
-    	header("Location: module_show.php?id=$module_name");
+		//* Jump to list
+    	header('Location: module_show.php?id='.urlencode($module_name));
         exit;
 			
 	} else {
-		$app->tpl->setVar("error","<b>Fehler:</b><br>".$error);
+		$app->tpl->setVar('error', '<b>Fehler:</b><br>'.$error);
 		$app->tpl->setVar($_POST);
 	}
 }
 
 if($nav_id != '') {
-// Datensatz besteht bereits
-	// bestehenden Datensatz anzeigen
+    //* Data record exists
 	if($error == '') {
-		// es liegt ein Fehler vor
-		include_once("../".$module_name."/lib/module.conf.php");
-		$record = $module["nav"][$nav_id];
+		include_once('../'.$module_name.'/lib/module.conf.php');
+		$record = $module['nav'][$nav_id];
 	} else {
-		// ein Fehler
+		//* error
 		$record = $_POST;
 	}
 	//$record["readonly"] = 'style="background-color: #EEEEEE;" readonly';
 } else {
-// neuer datensatz
+    //* New data record
 	if($error == '') {
-		// es liegt kein Fehler vor
+		//* es liegt kein Fehler vor
 	} else {
-		// ein Fehler
+		//* error
 		$record = $_POST;
 		
 	}
 	//$record["readonly"] = '';
 }
 
-$record["nav_id"] = $nav_id;
-$record["module_name"] = $module_name;
+$record['nav_id'] = $nav_id;
+$record['module_name'] = $module_name;
 
 $app->tpl->setVar($record);
 
-include_once("lib/lang/".$_SESSION["s"]["language"]."_module_nav_edit.lng");
+include_once('lib/lang/'.$_SESSION['s']['language'].'_module_nav_edit.lng');
 $app->tpl->setVar($wb);
 
-// Defaultwerte setzen
 $app->tpl_defaults();
-
-// Template parsen
 $app->tpl->pparse();
 
 ?>
\ No newline at end of file

--
Gitblit v1.9.1