Diffstat (limited to 'pages/Pages/Handle.c.xml')
-rw-r--r-- | pages/Pages/Handle.c.xml | 58 |
1 files changed, 54 insertions, 4 deletions
diff --git a/pages/Pages/Handle.c.xml b/pages/Pages/Handle.c.xml
index 47fa776..734c62d 100644
--- a/pages/Pages/Handle.c.xml
+++ b/pages/Pages/Handle.c.xml
@@ -3,7 +3,7 @@
 <info>
 <name>Pages:Handle</name>
 <template>phpexec</template>
- <access>0</access>
+ <access>0:0</access>
 <type>c</type>
 </info>
 <data>
@@ -51,9 +51,59 @@ echo $data['content']; } } + elseif(isset($_POST['privs'])) { + if($_POST['name']) { + $name = htmlspecialchars(Unquote($_POST['name'])); + + $title = 'Rechte von \'' . $name . '\' ändern'; + + echo '<h2>Rechte von \'' . $name . '\' ändern</h2>'; + + $access = $GLOBALS['pages']->GetAccess(Unquote($_POST['name']), $_POST['type']); + $groups = $GLOBALS['user']->ListGroups(); + + array_unshift($groups, array(0, 'Gast')); + + echo '<form action="' . $GLOBALS['links']->GetNeonLink('Pages:Privs') . '" method="post">'; + + echo '<input type="hidden" name="name" value="' . $name . '" />'; + echo '<input type="hidden" name="type" value="' . $_POST['type'] . '" />'; + + echo '<table>'; + + foreach($groups as $group) { + echo '<tr><td>' . htmlspecialchars($group[1]) . '</td><td>'; + + echo '<select size="1" name="group_' . $group[0] . '">'; + + echo '<option value="0"'; + if((hexdec($access[0][$group[0]/4]) & (1 << ($group[0]%4))) == 0) echo ' selected="selected"'; + echo '>Kein Zugriff</option>'; + + echo '<option value="1"'; + if(((hexdec($access[0][$group[0]/4]) & (1 << ($group[0]%4))) != 0) + && ((hexdec($access[1][$group[0]/4]) & (1 << ($group[0]%4))) == 0)) + echo ' selected="selected"'; + echo '>Nur lesen</option>'; + + echo '<option value="2"'; + if((hexdec($access[1][$group[0]/4]) & (1 << ($group[0]%4))) != 0) echo ' selected="selected"'; + echo '>Lesen und schreiben</option>'; + + echo '</select></td></tr>'; + } + + echo '</table>'; + + echo '<input type="submit" class="spaced-top" value="Ändern" /> '; + echo '<input type="submit" class="spaced-top" name="back" value="Zurück" />'; + + echo '</form>'; + } + } elseif(isset($_POST['copy'])) { if($_POST['name']) { - $name = strtr(Unquote($_POST['name']), array('<' => '<', '>' => '>', '&' => '&', '"' => '"')); + $name = htmlspecialchars(Unquote($_POST['name'])); $title = '\'' . $name . '\' kopieren'; 
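Review bot: `$_POST['type']` is echoed into the hidden `type` field's `value` attribute without escaping, while `$name` on the line before it goes through `htmlspecialchars()`; a double quote in the submitted `type` ends the attribute, so the privileges form reflects request-supplied markup. Escape it the same way as the name: `echo '<input type="hidden" name="type" value="' . htmlspecialchars(Unquote($_POST['type'])) . '" />';`. The same raw value is also passed to `GetAccess()` without `Unquote()`, unlike the name argument; if the set of page types is fixed, checking `type` against it before either use would cover both, though what `GetAccess()` does with the value is not visible here. The `elseif` chain this branch joins begins and ends outside the hunk.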
@@ -70,7 +120,7 @@ } elseif(isset($_POST['rename'])) { if($_POST['name']) { - $name = strtr(Unquote($_POST['name']), array('<' => '<', '>' => '>', '&' => '&', '"' => '"')); + $name = htmlspecialchars(Unquote($_POST['name'])); $title = '\'' . $name . '\' umbenennen'; @@ -88,7 +138,7 @@ } elseif(isset($_POST['delete'])) { if($_POST['name']) { - $name = strtr(Unquote($_POST['name']), array('<' => '<', '>' => '>', '&' => '&', '"' => '"')); + $name = htmlspecialchars(Unquote($_POST['name'])); $title = '\'' . $name . '\' löschen'; |
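Review bot: The new `htmlspecialchars(Unquote($_POST['name']))` calls in the rename and delete branches (and in the copy and privs branches of the previous hunk) rely on the function's default flags and charset, which differ between PHP versions; before PHP 8.1 the default `ENT_COMPAT` leaves single quotes unescaped. Passing them explicitly, e.g. `htmlspecialchars(Unquote($_POST['name']), ENT_QUOTES, 'UTF-8')`, keeps `$name` safe even if it or `$title` is later placed in a single-quoted attribute, and makes the result independent of the runtime. The charset shown is an assumption and should match the encoding the pages are actually served in. Where `$title` is emitted is outside these hunks.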