meteo/Sentri
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed an issue that allowed some disabled module content to be visible or accessible.

Browse Source
This commit is contained in:
Meteo
2026-01-07 23:16:36 +01:00
parent 604d71e0e6
commit eb2e4678eb
10 changed files with 97 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
pub/api/v1/customers/companies/activate/index.php
View File

@@ -2,6 +2,11 @@
use api\classes\API_companies;
if (!$GLOBALS['modules_enabled']['customers']) {
echo '405 Not Allowed';
exit;
}
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_companies.php';

5
pub/api/v1/office/stompjes/index.php
View File

@@ -2,6 +2,11 @@
use api\classes\API_office_stompjes;
if (!$GLOBALS['modules_enabled']['office']) {
echo '405 Not Allowed';
exit;
}
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_office_stompjes.php';

5
pub/api/v1/servers/index.php
View File

@@ -2,6 +2,11 @@
use api\classes\API_servers;
if (!$GLOBALS['modules_enabled']['servers']) {
echo '405 Not Allowed';
exit;
}
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_servers.php';

6
pub/bin/pages/customers/pageCompanies.php
View File

@@ -2,6 +2,12 @@
if (!defined('APP_INIT')) {
exit;
}
if (!$GLOBALS['modules_enabled']['customers']) {
echo '405 Not Allowed';
exit;
}
if (isset($_GET['view'])) {
include_once($_SERVER['DOCUMENT_ROOT'] . '/bin/pages/customers/pageCompanies_company_view.php');
} else {

5
pub/bin/pages/customers/pageCompanies_company_view.php
View File

@@ -2,6 +2,11 @@
if (!defined('APP_INIT')) {
exit;
}
if (!$GLOBALS['modules_enabled']['customers']) {
echo '405 Not Allowed';
exit;
}
# IDE Section
# Includes Section

21
pub/bin/pages/customers/pageCompanies_view.php
View File

@@ -3,6 +3,10 @@ if (!defined('APP_INIT')) {
exit;
}
if (!$GLOBALS['modules_enabled']['customers']) {
echo '405 Not Allowed';
exit;
}
# IDE Section
# Includes Section
@@ -26,8 +30,8 @@ $jsScriptLoadData['datatables'] = true;
$jsScriptLoadData['multiFilterSelect'] = true;
$jsScriptLoadData['datepicker'] = true;
$jsScriptLoadData['activateCompany'] = true;
# PageClasses Setup
# PageClasses Setup
# Retrieve Information for the page
if (!isset($_GET['all'])) {
@@ -66,9 +70,8 @@ while ($row = $stmt->fetch_assoc()) {
<i class="fa-solid fa-filter"></i> &nbsp; <?php echo __('show_active') ?>
</a>
<?php } ?>
</div> &nbsp;
<form method="post" action="/api/v1/customers/companies/sync/">
<form method="post" action="/api/v1/sources/inserve/sync-companies/">
<input type="hidden">
<div class="col-lg-auto col-md-auto col-sm-auto">
<button class="btn btn-primary">
@@ -89,7 +92,9 @@ while ($row = $stmt->fetch_assoc()) {
<th><?php echo __('company_id') ?></th>
<th><?php echo __('company_debtor') ?></th>
<th><?php echo __('company_state') ?></th>
<th><?php echo __('server_count') ?></th>
<?php if ($GLOBALS['modules_enabled']['servers']) { ?>
<th><?php echo __('server_count') ?></th>
<?php } ?>
<th><?php echo __('actions') ?></th>
</tr>
</thead>
@@ -99,7 +104,9 @@ while ($row = $stmt->fetch_assoc()) {
<th><?php echo __('company_id') ?></th>
<th><?php echo __('company_debtor') ?></th>
<th><?php echo __('company_state') ?></th>
<th><?php echo __('server_count') ?></th>
<?php if ($GLOBALS['modules_enabled']['servers']) { ?>
<th><?php echo __('server_count') ?></th>
<?php } ?>
<th><?php echo __('actions') ?></th>
</tr>
</tfoot>
@@ -111,7 +118,9 @@ while ($row = $stmt->fetch_assoc()) {
<td class="text-nowrap"><?php echo $company['company_source_id'] ?></td>
<td class="text-nowrap"><?php echo $company['company_source_id2'] ?></td>
<td class="text-nowrap"><?php echo $company['company_state'] ?></td>
<td class="text-nowrap"><?php echo $company['server_count'] ?></td>
<?php if ($GLOBALS['modules_enabled']['servers']) { ?>
<td class="text-nowrap"><?php echo $company['server_count'] ?></td>
<?php } ?>
<td>
<a href="/companies?view=<?php echo $company['company_uuid'] ?>" class="btn btn-info btn-sm btn-rounded" data-item-uuid="<?php echo $company['company_uuid'] ?>"><i class="fa-solid fa-eye"></i></a>
<?php if ($API->checkPermissions('customer-companies', 'RW', true) && $company['server_count'] == 0) { ?>

6
pub/bin/pages/office/pageStompjes.php
View File

@@ -5,6 +5,12 @@ use api\classes\API;
if (!defined('APP_INIT')) {
exit;
}
if (!$GLOBALS['modules_enabled']['office']) {
echo '405 Not Allowed';
exit;
}
# IDE Section
# Includes Section

6
pub/bin/pages/servers/pageServerOverview.php
View File

@@ -2,6 +2,12 @@
if (!defined('APP_INIT')) {
exit;
}
if (!$GLOBALS['modules_enabled']['servers']) {
echo '405 Not Allowed';
exit;
}
if (isset($_GET['view'])) {
include_once($_SERVER['DOCUMENT_ROOT'] . '/bin/pages/servers/pageServerOverview_server_view.php');
} else {

70
pub/bin/pages/servers/pageServerOverview_server_view.php
View File

@@ -6,6 +6,11 @@ use bin\php\Classes\pageNavbar;
if (!defined('APP_INIT')) {
exit;
}
if (!$GLOBALS['modules_enabled']['servers']) {
echo '405 Not Allowed';
exit;
}
# IDE Section
# Includes Section
@@ -37,10 +42,12 @@ $stmt->execute();
$result = $stmt->get_result();
$server_data = $result->fetch_assoc();
$companies_data = $GLOBALS['conn']->query("SELECT company_uuid, company_name FROM companies WHERE company_state = 'active'");
$companies = array();
while ($company_data = $companies_data->fetch_assoc()) {
array_push($companies, $company_data);
if ($GLOBALS['modules_enabled']['customers']) {
$companies_data = $GLOBALS['conn']->query("SELECT company_uuid, company_name FROM companies WHERE company_state = 'active'");
$companies = array();
while ($company_data = $companies_data->fetch_assoc()) {
array_push($companies, $company_data);
}
}
# Retrieve Information for the page
@@ -194,36 +201,37 @@ $pageNavbar->outPutNavbar();
</h4>
</td>
</tr>
<tr>
<td>
<h4>
<i class="fas fa-building"></i> <?php echo __('company') ?>
</h4>
</td>
<td>
<?php if ($API->checkPermissions('servers', 'RW', true)) { ?>
<div class="input-group">
<select id="company_uuid" name="company_uuid" class="form-control">
<option></option>
<?php foreach ($companies as $company) { ?>
<option <?php echo ($server_data['company_uuid'] == $company['company_uuid']) ? 'selected' : '' ?> value="<?php echo $company['company_uuid'] ?>"><?php echo $company['company_name'] ?></option>
<?php } ?>
</select>
</div>
<?php } else { ?>
<?php if ($GLOBALS['modules_enabled']['customers']) { ?>
<tr>
<td>
<h4>
<?php
$companyMap = array_column($companies, 'company_name', 'company_uuid');
echo $companyMap[$server_data['company_uuid']] ?? null;
?>
<i class="fas fa-building"></i> <?php echo __('company') ?>
</h4>
<?php } ?>
</td>
</tr>
</td>
<td>
<?php if ($API->checkPermissions('servers', 'RW', true)) { ?>
<div class="input-group">
<select id="company_uuid" name="company_uuid" class="form-control">
<option></option>
<?php foreach ($companies as $company) { ?>
<option <?php echo ($server_data['company_uuid'] == $company['company_uuid']) ? 'selected' : '' ?> value="<?php echo $company['company_uuid'] ?>"><?php echo $company['company_name'] ?></option>
<?php } ?>
</select>
</div>
<?php } else { ?>
<h4>
<?php
$companyMap = array_column($companies, 'company_name', 'company_uuid');
echo $companyMap[$server_data['company_uuid']] ?? null;
?>
</h4>
<?php } ?>
</td>
</tr>
<?php } ?>
<tr>
<td>
<h4>

5
pub/bin/pages/servers/pageServerOverview_view.php
View File

@@ -5,6 +5,11 @@ use api\classes\API;
if (!defined('APP_INIT')) {
exit;
}
if (!$GLOBALS['modules_enabled']['servers']) {
echo '405 Not Allowed';
exit;
}
# IDE Section
# Includes Section