From: garvinhicking Date: Fri, 14 Jul 2006 12:31:53 +0000 (+0000) Subject: MDB Fixes: X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=68d4c2fd2bfd637f29550f389584a7fbed13bf95;p=s9y.git MDB Fixes: * Properly attach to missing nodes * Inherit parent ACL for new directories * Fix not allowing access to directories that should be available to all --- diff --git a/include/admin/images.inc.php b/include/admin/images.inc.php index 3e8fa9b..65db1ca 100644 --- a/include/admin/images.inc.php +++ b/include/admin/images.inc.php @@ -471,15 +471,30 @@ switch ($serendipity['GET']['adminAction']) { } $new_dir = serendipity_uploadSecure($serendipity['POST']['parent'] . '/' . $serendipity['POST']['name'], true); - $new_dir = str_replace('..', '', $new_dir); + $new_dir = str_replace(array('..', '//'), array('', '/'), $new_dir); /* TODO: check if directory already exist */ if (@mkdir($serendipity['serendipityPath'] . $serendipity['uploadPath'] . $new_dir)) { printf(DIRECTORY_CREATED, $serendipity['POST']['name']); @umask(0000); @chmod($serendipity['serendipityPath'] . $serendipity['uploadPath'] . $new_dir, 0777); - serendipity_ACLGrant(0, 'directory', 'read', array(0), $new_dir . '/'); - serendipity_ACLGrant(0, 'directory', 'write', array(0), $new_dir . '/'); + + // Apply parent ACL to new child. + $array_parent_read = serendipity_ACLGet(0, 'directory', 'read', $serendipity['POST']['parent']); + $array_parent_write = serendipity_ACLGet(0, 'directory', 'write', $serendipity['POST']['parent']); + if (!is_array($array_parent_read) || count($array_parent_read) < 1) { + $parent_read = array(0); + } else { + $parent_read = array_keys($array_parent_read); + } + if (!is_array($array_parent_write) || count($array_parent_write) < 1) { + $parent_write = array(0); + } else { + $parent_write = array_keys($array_parent_write); + } + + serendipity_ACLGrant(0, 'directory', 'read', $parent_read, $new_dir . '/'); + serendipity_ACLGrant(0, 'directory', 'write', $parent_write, $new_dir . '/'); } else { printf(DIRECTORY_WRITE_ERROR, $new_dir); } diff --git a/include/functions_images.inc.php b/include/functions_images.inc.php index 0d7b1de..ffdafcd 100644 --- a/include/functions_images.inc.php +++ b/include/functions_images.inc.php @@ -1976,7 +1976,7 @@ function serendipity_directoryACL(&$paths, $type = 'read') { $granted = false; foreach($acl_allowed[$info['relpath']] AS $groupid => $set) { - if (isset($acl_allowed_groups[$groupid])) { + if ($groupid === 0 || isset($acl_allowed_groups[$groupid])) { // We are allowed to access this element $granted = true; break; diff --git a/templates/default/admin/media_choose.tpl b/templates/default/admin/media_choose.tpl index f7411dd..94d4dfe 100644 --- a/templates/default/admin/media_choose.tpl +++ b/templates/default/admin/media_choose.tpl @@ -324,7 +324,11 @@ {if $item.depth == 1} tmpNode = new YAHOO.widget.TextNode(mydir, coreNode, false); {else} - tmpNode = new YAHOO.widget.TextNode(mydir, last_node[{$item.depth} - 1], false); + if (last_node[{$item.depth}-1]) {ldelim} + tmpNode = new YAHOO.widget.TextNode(mydir, last_node[{$item.depth} - 1], false); + {rdelim} else {ldelim} + tmpNode = new YAHOO.widget.TextNode(mydir, coreNode, false); + {rdelim} {/if} last_node[{$item.depth}] = tmpNode; {/foreach}