meteo/Sentri
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed an issue that allowed some disabled module content to be visible or accessible.

Browse Source
This commit is contained in:
Meteo
2026-01-07 23:16:36 +01:00
parent 604d71e0e6
commit eb2e4678eb
10 changed files with 97 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
pub/api/v1/customers/companies/activate/index.php
View File

@@ -2,6 +2,11 @@
use api\classes\API_companies; use api\classes\API_companies;
if (!$GLOBALS['modules_enabled']['customers']) {
echo '405 Not Allowed';
exit;
}
session_start(); session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_companies.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_companies.php';

5
pub/api/v1/office/stompjes/index.php
View File

@@ -2,6 +2,11 @@
use api\classes\API_office_stompjes; use api\classes\API_office_stompjes;
if (!$GLOBALS['modules_enabled']['office']) {
echo '405 Not Allowed';
exit;
}
session_start(); session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_office_stompjes.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_office_stompjes.php';

5
pub/api/v1/servers/index.php
View File

@@ -2,6 +2,11 @@
use api\classes\API_servers; use api\classes\API_servers;
if (!$GLOBALS['modules_enabled']['servers']) {
echo '405 Not Allowed';
exit;
}
session_start(); session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_servers.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_servers.php';

6
pub/bin/pages/customers/pageCompanies.php
View File

@@ -2,6 +2,12 @@
if (!defined('APP_INIT')) { if (!defined('APP_INIT')) {
exit; exit;
} }
if (!$GLOBALS['modules_enabled']['customers']) {
echo '405 Not Allowed';
exit;
}
if (isset($_GET['view'])) { if (isset($_GET['view'])) {
include_once($_SERVER['DOCUMENT_ROOT'] . '/bin/pages/customers/pageCompanies_company_view.php'); include_once($_SERVER['DOCUMENT_ROOT'] . '/bin/pages/customers/pageCompanies_company_view.php');
} else { } else {

5
pub/bin/pages/customers/pageCompanies_company_view.php
View File

@@ -2,6 +2,11 @@
if (!defined('APP_INIT')) { if (!defined('APP_INIT')) {
exit; exit;
} }
if (!$GLOBALS['modules_enabled']['customers']) {
echo '405 Not Allowed';
exit;
}
# IDE Section # IDE Section
# Includes Section # Includes Section

15
pub/bin/pages/customers/pageCompanies_view.php
View File

@@ -3,6 +3,10 @@ if (!defined('APP_INIT')) {
exit; exit;
} }
if (!$GLOBALS['modules_enabled']['customers']) {
echo '405 Not Allowed';
exit;
}
# IDE Section # IDE Section
# Includes Section # Includes Section
@@ -26,8 +30,8 @@ $jsScriptLoadData['datatables'] = true;
$jsScriptLoadData['multiFilterSelect'] = true; $jsScriptLoadData['multiFilterSelect'] = true;
$jsScriptLoadData['datepicker'] = true; $jsScriptLoadData['datepicker'] = true;
$jsScriptLoadData['activateCompany'] = true; $jsScriptLoadData['activateCompany'] = true;
# PageClasses Setup
# PageClasses Setup
# Retrieve Information for the page # Retrieve Information for the page
if (!isset($_GET['all'])) { if (!isset($_GET['all'])) {
@@ -66,9 +70,8 @@ while ($row = $stmt->fetch_assoc()) {
<i class="fa-solid fa-filter"></i> &nbsp; <?php echo __('show_active') ?> <i class="fa-solid fa-filter"></i> &nbsp; <?php echo __('show_active') ?>
</a> </a>
<?php } ?> <?php } ?>
</div> &nbsp; </div> &nbsp;
<form method="post" action="/api/v1/customers/companies/sync/"> <form method="post" action="/api/v1/sources/inserve/sync-companies/">
<input type="hidden"> <input type="hidden">
<div class="col-lg-auto col-md-auto col-sm-auto"> <div class="col-lg-auto col-md-auto col-sm-auto">
<button class="btn btn-primary"> <button class="btn btn-primary">
@@ -89,7 +92,9 @@ while ($row = $stmt->fetch_assoc()) {
<th><?php echo __('company_id') ?></th> <th><?php echo __('company_id') ?></th>
<th><?php echo __('company_debtor') ?></th> <th><?php echo __('company_debtor') ?></th>
<th><?php echo __('company_state') ?></th> <th><?php echo __('company_state') ?></th>
<?php if ($GLOBALS['modules_enabled']['servers']) { ?>
<th><?php echo __('server_count') ?></th> <th><?php echo __('server_count') ?></th>
<?php } ?>
<th><?php echo __('actions') ?></th> <th><?php echo __('actions') ?></th>
</tr> </tr>
</thead> </thead>
@@ -99,7 +104,9 @@ while ($row = $stmt->fetch_assoc()) {
<th><?php echo __('company_id') ?></th> <th><?php echo __('company_id') ?></th>
<th><?php echo __('company_debtor') ?></th> <th><?php echo __('company_debtor') ?></th>
<th><?php echo __('company_state') ?></th> <th><?php echo __('company_state') ?></th>
<?php if ($GLOBALS['modules_enabled']['servers']) { ?>
<th><?php echo __('server_count') ?></th> <th><?php echo __('server_count') ?></th>
<?php } ?>
<th><?php echo __('actions') ?></th> <th><?php echo __('actions') ?></th>
</tr> </tr>
</tfoot> </tfoot>
@@ -111,7 +118,9 @@ while ($row = $stmt->fetch_assoc()) {
<td class="text-nowrap"><?php echo $company['company_source_id'] ?></td> <td class="text-nowrap"><?php echo $company['company_source_id'] ?></td>
<td class="text-nowrap"><?php echo $company['company_source_id2'] ?></td> <td class="text-nowrap"><?php echo $company['company_source_id2'] ?></td>
<td class="text-nowrap"><?php echo $company['company_state'] ?></td> <td class="text-nowrap"><?php echo $company['company_state'] ?></td>
<?php if ($GLOBALS['modules_enabled']['servers']) { ?>
<td class="text-nowrap"><?php echo $company['server_count'] ?></td> <td class="text-nowrap"><?php echo $company['server_count'] ?></td>
<?php } ?>
<td> <td>
<a href="/companies?view=<?php echo $company['company_uuid'] ?>" class="btn btn-info btn-sm btn-rounded" data-item-uuid="<?php echo $company['company_uuid'] ?>"><i class="fa-solid fa-eye"></i></a> <a href="/companies?view=<?php echo $company['company_uuid'] ?>" class="btn btn-info btn-sm btn-rounded" data-item-uuid="<?php echo $company['company_uuid'] ?>"><i class="fa-solid fa-eye"></i></a>
<?php if ($API->checkPermissions('customer-companies', 'RW', true) && $company['server_count'] == 0) { ?> <?php if ($API->checkPermissions('customer-companies', 'RW', true) && $company['server_count'] == 0) { ?>

6
pub/bin/pages/office/pageStompjes.php
View File

@@ -5,6 +5,12 @@ use api\classes\API;
if (!defined('APP_INIT')) { if (!defined('APP_INIT')) {
exit; exit;
} }
if (!$GLOBALS['modules_enabled']['office']) {
echo '405 Not Allowed';
exit;
}
# IDE Section # IDE Section
# Includes Section # Includes Section

6
pub/bin/pages/servers/pageServerOverview.php
View File

@@ -2,6 +2,12 @@
if (!defined('APP_INIT')) { if (!defined('APP_INIT')) {
exit; exit;
} }
if (!$GLOBALS['modules_enabled']['servers']) {
echo '405 Not Allowed';
exit;
}
if (isset($_GET['view'])) { if (isset($_GET['view'])) {
include_once($_SERVER['DOCUMENT_ROOT'] . '/bin/pages/servers/pageServerOverview_server_view.php'); include_once($_SERVER['DOCUMENT_ROOT'] . '/bin/pages/servers/pageServerOverview_server_view.php');
} else { } else {

10
pub/bin/pages/servers/pageServerOverview_server_view.php
View File

@@ -6,6 +6,11 @@ use bin\php\Classes\pageNavbar;
if (!defined('APP_INIT')) { if (!defined('APP_INIT')) {
exit; exit;
} }
if (!$GLOBALS['modules_enabled']['servers']) {
echo '405 Not Allowed';
exit;
}
# IDE Section # IDE Section
# Includes Section # Includes Section
@@ -37,11 +42,13 @@ $stmt->execute();
$result = $stmt->get_result(); $result = $stmt->get_result();
$server_data = $result->fetch_assoc(); $server_data = $result->fetch_assoc();
if ($GLOBALS['modules_enabled']['customers']) {
$companies_data = $GLOBALS['conn']->query("SELECT company_uuid, company_name FROM companies WHERE company_state = 'active'"); $companies_data = $GLOBALS['conn']->query("SELECT company_uuid, company_name FROM companies WHERE company_state = 'active'");
$companies = array(); $companies = array();
while ($company_data = $companies_data->fetch_assoc()) { while ($company_data = $companies_data->fetch_assoc()) {
array_push($companies, $company_data); array_push($companies, $company_data);
} }
}
# Retrieve Information for the page # Retrieve Information for the page
$user_groups_data = $GLOBALS['conn']->query("SELECT * FROM vc_user_groups WHERE user_group_type = 'admin' ORDER BY user_group_weight DESC"); $user_groups_data = $GLOBALS['conn']->query("SELECT * FROM vc_user_groups WHERE user_group_type = 'admin' ORDER BY user_group_weight DESC");
@@ -194,6 +201,7 @@ $pageNavbar->outPutNavbar();
</h4> </h4>
</td> </td>
</tr> </tr>
<?php if ($GLOBALS['modules_enabled']['customers']) { ?>
<tr> <tr>
<td> <td>
<h4> <h4>
@@ -223,7 +231,7 @@ $pageNavbar->outPutNavbar();
<?php } ?> <?php } ?>
</td> </td>
</tr> </tr>
<?php } ?>
<tr> <tr>
<td> <td>
<h4> <h4>

5
pub/bin/pages/servers/pageServerOverview_view.php
View File

@@ -5,6 +5,11 @@ use api\classes\API;
if (!defined('APP_INIT')) { if (!defined('APP_INIT')) {
exit; exit;
} }
if (!$GLOBALS['modules_enabled']['servers']) {
echo '405 Not Allowed';
exit;
}
# IDE Section # IDE Section
# Includes Section # Includes Section