forked from science-ation/science-ation
- Disable the save and delete option for system reports, and print a message
saying that the report can only be saved as a new report. - Add checks to the report_save and report_delete fucntions to ensure system reports cannot be saved/deleted.
This commit is contained in:
dave
parent
ac3e50f94e
commit
44205d5039
@ -297,8 +297,24 @@ foreach($stock as $n=>$v) {
|
||||
/* New report */
|
||||
mysql_query("INSERT INTO reports (`id`) VALUES ('')");
|
||||
$report['id'] = mysql_insert_id();
|
||||
} else {
|
||||
/* if the report['id'] is not zero, see if this is a
|
||||
* systeim report before doing anything. */
|
||||
$q = mysql_query("SELECT system_report_id FROM reports WHERE id='{$report['id']}'");
|
||||
$i = mysql_fetch_assoc($q);
|
||||
if(intval($i['system_report_id']) != 0) {
|
||||
/* This is a system report, the editor (should)
|
||||
* properly setup the editor pages so that the user
|
||||
* cannot save this report. The only way to get here
|
||||
* is by directly modifying the POST variables.. so..
|
||||
* we don't have to worry about being user friendly. */
|
||||
echo "ERROR: attempt to save a system report (reports.id={$report['id']})";
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
/*
|
||||
print("<pre>");
|
||||
print_r($_POST);
|
||||
@ -361,6 +377,19 @@ foreach($stock as $n=>$v) {
|
||||
function report_delete($report_id)
|
||||
{
|
||||
$r = intval($report_id);
|
||||
/* if the report['id'] is not zero, see if this is a
|
||||
* systeim report before doing anything. */
|
||||
$q = mysql_query("SELECT system_report_id FROM reports WHERE id='$r'");
|
||||
$i = mysql_fetch_assoc($q);
|
||||
if(intval($i['system_report_id']) != 0) {
|
||||
/* This is a system report, the editor (should)
|
||||
* properly setup the editor pages so that the user
|
||||
* cannot delete this report. The only way to get here
|
||||
* is by directly modifying the POST variables.. so..
|
||||
* we don't have to worry about being user friendly. */
|
||||
echo "ERROR: attempt to delete a system report (reports.id=$r)";
|
||||
exit;
|
||||
}
|
||||
mysql_query("DELETE FROM reports WHERE `id`=$r");
|
||||
mysql_query("DELETE FROM reports_items WHERE `reports_id`=$r");
|
||||
}
|
||||
|
||||
@ -178,9 +178,7 @@ function reportChange()
|
||||
return $ret;
|
||||
}
|
||||
|
||||
//print_r($_POST);
|
||||
/* Decode the report */
|
||||
|
||||
$report = array();
|
||||
$report['id'] = intval($_POST['id']);
|
||||
$report['name'] = stripslashes($_POST['name']);
|
||||
@ -213,8 +211,7 @@ function reportChange()
|
||||
}
|
||||
|
||||
if($repaction == 'try') {
|
||||
/* Try this report save it to the database under a new report, and mark it as
|
||||
* temporary, so when the generator finishes with it, it deletes it */
|
||||
/* Generate the report from what was passed through POST */
|
||||
report_gen($report);
|
||||
exit;
|
||||
}
|
||||
@ -427,15 +424,25 @@ function reportChange()
|
||||
}
|
||||
|
||||
echo "<br />";
|
||||
if($report['system_report_id'] != 0) {
|
||||
echo notice(i18n('This is a system report, it cannot be changed or deleted. To save changes you have made to it, please select the \'Save as a new report\' option.'));
|
||||
}
|
||||
echo "<select name=\"repaction\">";
|
||||
$sel = ($repaction_save == 'save') ? "selected=\"selected\"" : '';
|
||||
echo " <option value=\"save\" $sel>Save this report</option>";
|
||||
$sel = ($repaction_save == 'try') ? "selected=\"selected\"" : '';
|
||||
echo " <option value=\"try\" $sel>Try this report</option>";
|
||||
echo " <option value=\"\" ></option>";
|
||||
echo " <option value=\"dupe\" >Save as a new report(duplicate)</option>";
|
||||
echo " <option value=\"\" ></option>";
|
||||
echo " <option value=\"del\" >Delete this report</option>";
|
||||
if($report['system_report_id'] == 0) {
|
||||
$sel = ($repaction_save == 'save') ? "selected=\"selected\"" : '';
|
||||
echo " <option value=\"save\" $sel>Save this report</option>";
|
||||
$sel = ($repaction_save == 'try') ? "selected=\"selected\"" : '';
|
||||
echo " <option value=\"try\" $sel>Try this report</option>";
|
||||
echo " <option value=\"\" ></option>";
|
||||
echo " <option value=\"dupe\" >Save as a new report(duplicate)</option>";
|
||||
echo " <option value=\"\" ></option>";
|
||||
echo " <option value=\"del\" >Delete this report</option>";
|
||||
} else {
|
||||
echo " <option value=\"dupe\" >Save as a new report(duplicate)</option>";
|
||||
$sel = ($repaction_save == 'try') ? "selected=\"selected\"" : '';
|
||||
echo " <option value=\"try\" $sel>Try this report</option>";
|
||||
}
|
||||
|
||||
echo "</select>";
|
||||
echo "<input type=\"submit\" value=\"Go\">";
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user