Commit 5b2033cf authored by moyooo's avatar moyooo

movre 0.85 to trunk

parent 3af24955
......@@ -10,3 +10,4 @@ Damien Touraine
Contibutors :
Olivier Andreotti
Alexandre Delaunay
......@@ -32,7 +32,7 @@
*/
// Include plugin if it is a plugin table
if (!strstr($_POST['itemtype'],"Plugin")) {
if (!strstr($_GET['itemtype'],"Plugin")) {
$AJAX_INCLUDE = 1;
}
include ('../inc/includes.php');
......@@ -42,66 +42,64 @@ Html::header_nocache();
Session::checkLoginUser();
// Security
if (!isset($_POST['itemtype']) || !($item = getItemForItemtype($_POST['itemtype']))) {
if (!isset($_GET['itemtype']) || !($item = getItemForItemtype($_GET['itemtype']))) {
exit();
}
$item->getEmpty();
$table = $item->getTable();
// Security
if (!isset($item->fields[$_POST['field']]) || !$item->canView()) {
if (!isset($item->fields[$_GET['field']]) || !$item->canView()) {
exit();
}
// Security : blacklist fields
if (in_array($table.'.'.$_POST['field'],
if (in_array($table.'.'.$_GET['field'],
array('glpi_authldaps.rootdn', 'glpi_authldaps.rootdn_passwd',
'glpi_configs.proxy_passwd', 'glpi_mailcollectors.login',
'glpi_configs.value', 'glpi_mailcollectors.login',
'glpi_mailcollectors.passwd', 'glpi_users.name', 'glpi_users.password'))) {
exit();
}
$entity = "";
if (isset($_POST['entity_restrict']) && $_POST['entity_restrict']>=0) {
if (isset($_GET['entity_restrict']) && $_GET['entity_restrict']>=0) {
if ($item->isEntityAssign()) {
$entity = " AND `entities_id` = '".$_POST['entity_restrict']."' ";
$entity = " AND `entities_id` = '".$_GET['entity_restrict']."' ";
}
}
if (isset($_POST['user_restrict']) && $_POST['user_restrict']>0) {
$entity = " AND `users_id` = '".$_POST['user_restrict']."' ";
if (isset($_GET['user_restrict']) && $_GET['user_restrict']>0) {
$entity = " AND `users_id` = '".$_GET['user_restrict']."' ";
}
$query = "SELECT COUNT(`".$_POST['field']."`)
$query = "SELECT COUNT(`".$_GET['field']."`)
FROM `$table`
WHERE `".$_POST['field']."` LIKE '".$_POST['query']."%'
AND `".$_POST['field']."` <> '".$_POST['query']."'
WHERE `".$_GET['field']."` LIKE '".$_GET['term']."%'
AND `".$_GET['field']."` <> '".$_GET['term']."'
$entity ";
$result = $DB->query($query);
$totnum = $DB->result($result,0,0);
$query = "SELECT DISTINCT `".$_POST['field']."` AS VAL
$query = "SELECT DISTINCT `".$_GET['field']."` AS VAL
FROM `$table`
WHERE `".$_POST['field']."` LIKE '".$_POST['query']."%'
AND `".$_POST['field']."` <> '".$_POST['query']."'
WHERE `".$_GET['field']."` LIKE '".$_GET['term']."%'
AND `".$_GET['field']."` <> '".$_GET['term']."'
$entity
ORDER BY `".$_POST['field']."`
LIMIT ".intval($_POST['start']).",".intval($_POST['limit']);
ORDER BY `".$_GET['field']."`";
$values = array();
if ($result=$DB->query($query)) {
echo '{"totalCount":'.$totnum.',"items":[';
if ($DB->numrows($result)>0) {
$first = true;
while ($data=$DB->fetch_assoc($result)) {
if ($first) {
$first = false;
} else {
echo ',';
}
echo '{"value":"'.$data['VAL'].'"}';
$values[]=$data['VAL'];
}
}
echo ']}';
}
?>
\ No newline at end of file
if (count($values)) {
echo json_encode($values);
}
?>
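Review bot: The new queries concatenate `$_GET['term']`, `$_GET['entity_restrict']` and `$_GET['user_restrict']` straight into the SQL text, and nothing in this section escapes them; the `>=0` and `>0` tests are loose comparisons and do not make the values numeric. Unless `includes.php` sanitises request data (not visible here), cast the two ids with `intval($_GET['entity_restrict'])` and `intval($_GET['user_restrict'])`, and escape the search term, including the LIKE wildcards `%` and `_`, before it reaches `$DB->query()`. The new side also drops the `LIMIT`, so one request can return every distinct value of the column. In the first hunk, `strstr($_GET['itemtype'],"Plugin")` reads the parameter before the `isset` check that only comes later.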
......@@ -59,7 +59,7 @@ if (isset($_POST["table"])
if (isset($_POST['withlink'])) {
echo "<script type='text/javascript' >\n";
echo "Ext.get('".$_POST['withlink']."').dom.href='".$tmpname['link']."';";
echo Html::jsGetElementbyID($_POST['withlink']).".attr('href', '".$tmpname['link']."');";
echo "</script>\n";
}
break;
......
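Review bot: `$tmpname['link']` is written into a single-quoted JavaScript string on the new `.attr('href', ...)` line without any JavaScript escaping, so a quote character in the link would end the literal early. Where `$tmpname` is built lies outside this hunk, so this may already be handled; if not, emit the value with `json_encode($tmpname['link'], JSON_HEX_TAG)` instead of adding the quotes by hand. `$_POST['withlink']` now goes through `Html::jsGetElementbyID()`, which presumably cleans the id, but that is worth confirming.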
......@@ -40,41 +40,56 @@ if (isset($_POST['full_page_tab'])) {
Html::header_nocache();
}
if (!isset($_POST['glpi_tab'])) {
if (!isset($_GET['_glpi_tab'])) {
exit();
}
if (!isset($_POST['itemtype']) || empty($_POST['itemtype'])) {
if (!isset($_GET['_itemtype']) || empty($_GET['_itemtype'])) {
exit();
}
if (!isset($_POST["sort"])) {
$_POST["sort"] = "";
if (!isset($_GET["sort"])) {
$_GET["sort"] = "";
}
if (!isset($_POST["order"])) {
$_POST["order"] = "";
if (!isset($_GET["order"])) {
$_GET["order"] = "";
}
if (!isset($_POST["withtemplate"])) {
$_POST["withtemplate"] = "";
if (!isset($_GET["withtemplate"])) {
$_GET["withtemplate"] = "";
}
if ($item = getItemForItemtype($_POST['itemtype'])) {
if ($item instanceof CommonDBTM
&& $item->isNewItem()
&& (!isset($_POST["id"]) || !$item->can($_POST["id"],'r'))) {
exit();
if ($item = getItemForItemtype($_GET['_itemtype'])) {
if ($item->get_item_to_display_tab) {
// No id if ruleCollection but check right
if ($item instanceof RuleCollection) {
if (!$item->canList()) {
exit();
}
} else if (!isset($_GET["id"])|| $item->isNewID($_GET["id"])) {
if (!$item->can(-1, CREATE, $_GET)) {
exit();
}
} else if (!$item->can($_GET["id"], READ)) {
exit();
}
}
}
CommonGLPI::displayStandardTab($item, $_POST['glpi_tab'],$_POST["withtemplate"]);
$notvalidoptions = array('_glpi_tab', '_itemtype', 'sort', 'order', 'withtemplate');
$options = $_GET;
foreach ($notvalidoptions as $key) {
if (isset($options[$key])) {
unset($options[$key]);
}
}
CommonGLPI::displayStandardTab($item, $_GET['_glpi_tab'],$_GET["withtemplate"], $options);
if (isset($_POST['full_page_tab'])) {
echo "<div class='center' id='debugajax'>";
Html::showSimpleForm($_SERVER['REQUEST_URI'], 'full_page_tab',
'Reload this tab', $_POST);
Html::showSimpleForm($_SERVER['REQUEST_URI'], 'full_page_tab', 'Reload this tab', $_POST);
echo "</div>";
Html::footer();
......
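Review bot: When `getItemForItemtype($_GET['_itemtype'])` returns false the new block is skipped, yet `CommonGLPI::displayStandardTab($item, ...)` is still called with a false `$item`; the rights checks also run only when `$item->get_item_to_display_tab` is set. Exit early instead: `if (!($item = getItemForItemtype($_GET['_itemtype']))) { exit(); }`. Separately, `$options = $_GET` forwards every remaining request parameter to `displayStandardTab`, so a comment above the loop should say so, e.g. `// $options is raw request data: each tab must validate what it uses`. The tab parameters moved to `$_GET` while `full_page_tab` is still read from `$_POST`, which looks inconsistent.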
......@@ -50,34 +50,38 @@ if ($_POST["idtable"] && class_exists($_POST["idtable"])) {
}
$rand = mt_rand();
$use_ajax = false;
if ($CFG_GLPI["use_ajax"]
&& (countElementsInTable($table) > $CFG_GLPI["ajax_limit_count"])) {
$use_ajax = true;
}
$paramsallitems = array('searchText' => '__VALUE__',
'table' => $table,
'itemtype' => $_POST["idtable"],
'rand' => $rand,
'myname' => $_POST["myname"],
'displaywith' => array('otherserial', 'serial'),
'display_emptychoice' => true);
$field_id = Html::cleanId("dropdown_".$_POST["name"].$rand);
$p = array('value' => 0,
'valuename' => Dropdown::EMPTY_VALUE,
'itemtype' => $_POST["idtable"],
'display_emptychoice' => true,
'displaywith' => array('otherserial', 'serial'));
if (isset($_POST['value'])) {
$paramsallitems['value'] = $_POST['value'];
$p['value'] = $_POST['value'];
}
if (isset($_POST['entity_restrict'])) {
$paramsallitems['entity_restrict'] = $_POST['entity_restrict'];
$p['entity_restrict'] = $_POST['entity_restrict'];
}
if (isset($_POST['condition'])) {
$paramsallitems['condition'] = stripslashes($_POST['condition']);
$p['condition'] = $_POST['condition'];
}
echo Html::jsAjaxDropdown($_POST["name"], $field_id,
$CFG_GLPI['root_doc']."/ajax/getDropdownValue.php",
$p);
$default = "<select name='".$_POST["myname"]."'><option value='0'>".Dropdown::EMPTY_VALUE.
"</option></select>";
Ajax::dropdown($use_ajax, "/ajax/$link", $paramsallitems, $default, $rand);
if (!empty($_POST['showItemSpecificity'])) {
$params = array('items_id' => '__VALUE__',
'itemtype' => $_POST["idtable"]);
if (isset($_POST['entity_restrict'])) {
$params['entity_restrict'] = $_POST['entity_restrict'];
}
Ajax::updateItemOnSelectEvent($field_id, "showItemSpecificity_".$_POST["name"]."$rand",
$_POST['showItemSpecificity'], $params);
echo "<br><span id='showItemSpecificity_".$_POST["name"]."$rand'>&nbsp;</span>\n";
}
}
?>
\ No newline at end of file
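Review bot: `$p['condition'] = $_POST['condition'];` forwards a client-supplied condition to `getDropdownValue.php`; elsewhere in this commit a `condition` is a raw SQL fragment, so if that endpoint appends it to a query, the client controls part of the WHERE clause. How the endpoint uses the value is not visible here; prefer building the condition server-side, or accept only an opaque key that maps to a server-defined condition. The span id `showItemSpecificity_...` is also built from `$_POST["name"]` without `Html::cleanId()`, unlike `$field_id`; clean it once and use the result both in the `echo` and in `Ajax::updateItemOnSelectEvent()`. The enclosing `if ($_POST["idtable"] ...)` block starts outside the hunk.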
......@@ -45,158 +45,8 @@ if (!isset($_POST['fromtype']) || !($fromitem = getItemForItemtype($_POST['fromt
exit();
}
$fromitem->checkGlobal('w');
$fromitem->checkGlobal(UPDATE);
if (isset($_POST["used"]) && !is_numeric($_POST["used"]) && !is_array($_POST["used"])) {
$used = Toolbox::decodeArrayFromInput($_POST["used"]);
} else {
$used = $_POST["used"];
}
if (isset($used[$_POST['itemtype']])) {
$used = $used[$_POST['itemtype']];
} else {
$used = array();
}
if (isset($_POST["entity_restrict"])
&& !is_numeric($_POST["entity_restrict"])
&& !is_array($_POST["entity_restrict"])) {
$_POST["entity_restrict"] = Toolbox::decodeArrayFromInput($_POST["entity_restrict"]);
}
// Make a select box
$table = getTableForItemType($_POST["itemtype"]);
if (!$item = getItemForItemtype($_POST['itemtype'])) {
exit;
}
$where = "";
if ($item->maybeDeleted()) {
$where .= " AND `$table`.`is_deleted` = '0' ";
}
if ($item->maybeTemplate()) {
$where .= " AND `$table`.`is_template` = '0' ";
}
if (isset($_POST['searchText']) && (strlen($_POST['searchText']) > 0)
&& ($_POST['searchText'] != $CFG_GLPI["ajax_wildcard"])) {
$where .= " AND (`$table`.`name` ".Search::makeTextSearch($_POST['searchText'])."
OR `$table`.`otherserial` ".Search::makeTextSearch($_POST['searchText'])."
OR `$table`.`serial` ".Search::makeTextSearch($_POST['searchText'])." )";
}
$multi = $item->maybeRecursive();
if (isset($_POST["entity_restrict"]) && !($_POST["entity_restrict"] < 0)) {
$where .= getEntitiesRestrictRequest(" AND ", $table, '', $_POST["entity_restrict"], $multi);
if (is_array($_POST["entity_restrict"]) && (count($_POST["entity_restrict"]) > 1)) {
$multi = true;
}
} else {
$where .= getEntitiesRestrictRequest(" AND ", $table, '', $_SESSION['glpiactiveentities'],
$multi);
if (count($_SESSION['glpiactiveentities']) > 1) {
$multi = true;
}
}
$NBMAX = $CFG_GLPI["dropdown_max"];
$LIMIT = "LIMIT 0,$NBMAX";
if (isset($_POST['searchText']) && ($_POST['searchText'] == $CFG_GLPI["ajax_wildcard"])) {
$LIMIT = "";
}
$where_used = '';
if (!empty($used)) {
$where_used = " AND `$table`.`id` NOT IN ('".implode("','",$used)."')";
}
if ($_POST["onlyglobal"]
&& ($_POST["itemtype"] != 'Computer')) {
$CONNECT_SEARCH = " WHERE `$table`.`is_global` = '1' ";
} else {
if ($_POST["itemtype"] == 'Computer') {
$CONNECT_SEARCH = " WHERE 1
$where_used";
} else {
$CONNECT_SEARCH = " WHERE ((`glpi_computers_items`.`id` IS NULL
$where_used)
OR `$table`.`is_global` = '1') ";
}
}
$LEFTJOINCONNECT = "";
if (($_POST["itemtype"] != 'Computer')
&& !$_POST["onlyglobal"]) {
$LEFTJOINCONNECT = " LEFT JOIN `glpi_computers_items`
ON (`$table`.`id` = `glpi_computers_items`.`items_id`
AND `glpi_computers_items`.`itemtype` = '".$_POST['itemtype']."')";
}
$query = "SELECT DISTINCT `$table`.`id`,
`$table`.`name` AS name,
`$table`.`serial` AS serial,
`$table`.`otherserial` AS otherserial,
`$table`.`entities_id` AS entities_id
FROM `$table`
$LEFTJOINCONNECT
$CONNECT_SEARCH
$where
ORDER BY entities_id,
name ASC
$LIMIT";
$result = $DB->query($query);
echo "<select name='".$_POST['myname']."' size='1'>";
if (isset($_POST['searchText'])
&& ($_POST['searchText'] != $CFG_GLPI["ajax_wildcard"])
&& ($DB->numrows($result) == $NBMAX)) {
echo "<option value='0'>--".__('Limited view')."--</option>";
}
echo "<option value='0'>".Dropdown::EMPTY_VALUE."</option>";
if ($DB->numrows($result)) {
$prev = -1;
while ($data = $DB->fetch_assoc($result)) {
if ($multi && $data["entities_id"]!=$prev) {
if ($prev>=0) {
echo "</optgroup>";
}
$prev = $data["entities_id"];
echo "<optgroup label=\"". Dropdown::getDropdownName("glpi_entities", $prev) ."\">";
}
$output = $data['name'];
$ID = $data['id'];
if ($_SESSION["glpiis_ids_visible"]
|| empty($output)) {
$output = sprintf(__('%1$s (%2$s)'), $output, $ID);
}
if (!empty($data['serial'])) {
$output = sprintf(__('%1$s - %2$s'), $output, $data["serial"]);
}
if (!empty($data['otherserial'])) {
$output = sprintf(__('%1$s - %2$s'), $output, $data["otherserial"]);
}
echo "<option value='$ID' title=\"".Html::cleanInputText($output)."\">".
Toolbox::substr($output, 0, $_SESSION["glpidropdown_chars_limit"])."</option>";
}
if ($multi && $prev>=0) {
echo "</optgroup>";
}
}
echo "</select>";
?>
Computer_Item::dropdownConnect($_POST["itemtype"], $_POST['fromtype'], $_POST['myname'],
$_POST["entity_restrict"], $_POST["onlyglobal"], $_POST["used"]);
?>
\ No newline at end of file
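Review bot: The new `Computer_Item::dropdownConnect(...)` call reads `$_POST["entity_restrict"]`, `$_POST["onlyglobal"]` and `$_POST["used"]` without the `isset` checks the removed code applied to `used` and `entity_restrict`, so a request that omits them raises undefined-index notices. The removed code also exited when `getItemForItemtype($_POST['itemtype'])` failed; whether `dropdownConnect` repeats that check and validates the ids it puts into SQL is not visible here and should be confirmed. A guard before the call, such as `if (!isset($_POST['itemtype'], $_POST['myname'])) { exit(); }`, would keep the endpoint's input contract explicit.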
......@@ -39,7 +39,7 @@ include ('../inc/includes.php');
header("Content-Type: text/html; charset=UTF-8");
Html::header_nocache();
Session::checkRight("networking", "w");
Session::checkRight("networking", UPDATE);
// Make a select box
if (class_exists($_POST["itemtype"])
......@@ -82,8 +82,7 @@ if (class_exists($_POST["itemtype"])
$result = $DB->query($query);
echo "<br>";
echo "<select name='".$_POST['myname']."' size='1'>";
echo "<option value='0'>".Dropdown::EMPTY_VALUE."</option>";
$values = array(0 => Dropdown::EMPTY_VALUE);
if ($DB->numrows($result)) {
while ($data = $DB->fetch_assoc($result)) {
......@@ -108,13 +107,9 @@ if (class_exists($_POST["itemtype"])
$output = sprintf(__('%1$s (%2$s)'), $output, $ID);
$output_long = sprintf(__('%1$s (%2$s)'), $output_long, $ID);
}
$output = Toolbox::substr($output, 0, $_SESSION["glpidropdown_chars_limit"]);
echo "<option value='$ID' title=\"".Html::cleanInputText($output_long)."\">".$output;
echo "</option>";
$values[$ID] = $output_long;
}
}
echo "</select>";
// echo "<input type='submit' name='connect' value=\"".__s('Connect')."\" class='submit'>";
Dropdown::showFromArray($_POST['myname'], $values);
}
?>
?>
\ No newline at end of file
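Review bot: Output escaping is now delegated to a helper: the removed lines ran `Html::cleanInputText($output_long)` and echoed the select themselves, while the new code hands raw `$values` and `$_POST['myname']` to `Dropdown::showFromArray()`. That helper is not on this page, so confirm it escapes both the labels and the field name. The `glpidropdown_chars_limit` truncation is dropped as well, so long names are no longer shortened. `class_exists($_POST["itemtype"])` in the context lines passes request input to the autoloader; `getItemForItemtype()`, which other files in this commit use, would be the more consistent check.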
......@@ -37,47 +37,33 @@ include ('../inc/includes.php');
header("Content-Type: text/html; charset=UTF-8");
Html::header_nocache();
Session::checkRight("networking", "w");
Session::checkRight("networking", UPDATE);
// Make a select box
if (class_exists($_POST["itemtype"])) {
$table = getTableForItemType($_POST["itemtype"]);
$rand = mt_rand();
$use_ajax = true;
$paramsconnectpdt
= array('searchText' => '__VALUE__',
'itemtype' => $_POST['itemtype'],
'rand' => $rand,
'myname' => "items",
'entity_restrict' => $_POST["entity_restrict"],
// Beware: '\n' inside condition is transformed to 'n' in SQL request
// so don't cut this SQL request !
'condition' => "(`id` in (SELECT `items_id`".
"FROM `glpi_networkports`".
"WHERE `itemtype` = '".$_POST["itemtype"]."'".
"AND `instantiation_type`".
"= '".$_POST['instantiation_type']."'))",
'update_item' => array('value_fieldname'
=> 'item',
'to_update'
=> "results_item_$rand",
'url' => $CFG_GLPI["root_doc"].
"/ajax/dropdownConnectNetworkPort.php",
'moreparams'
=> array('networkports_id'
=> $_POST['networkports_id'],
'itemtype'
=> $_POST['itemtype'],
'myname'
=> $_POST['myname'],
'instantiation_type'
=> $_POST['instantiation_type'])));
$toupdate = array('value_fieldname' => 'item',
'to_update' => "results_item_$rand",
'url' => $CFG_GLPI["root_doc"]."/ajax/dropdownConnectNetworkPort.php",
'moreparams' => array('networkports_id' => $_POST['networkports_id'],
'itemtype' => $_POST['itemtype'],
'myname' => $_POST['myname'],
'instantiation_type' => $_POST['instantiation_type']));
$params = array('rand' => $rand,
'name' => "items",
'entity' => $_POST["entity_restrict"],
// Beware: '\n' inside condition is transformed to 'n' in SQL request
// so don't cut this SQL request !
'condition' => "(`id` in (SELECT `items_id`".
"FROM `glpi_networkports`".
"WHERE `itemtype` = '".$_POST["itemtype"]."'".
"AND `instantiation_type`".
"= '".$_POST['instantiation_type']."'))",
'toupdate' => $toupdate);
$default = "<select name='NetworkPortConnect_item'>".
"<option value='0'>".Dropdown::EMPTY_VALUE."</option>".
"</select>\n";
Ajax::dropdown($use_ajax, "/ajax/dropdownValue.php", $paramsconnectpdt, $default, $rand);
Dropdown::show($_POST['itemtype'], $params);
echo "<span id='results_item_$rand'>";
echo "</span>\n";
......
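Review bot: `$_POST['instantiation_type']` is concatenated into the `condition` SQL fragment without validation; `itemtype` at least passes `class_exists`, but `instantiation_type` passes no check in this hunk. Validate it as a known type before building the condition, e.g. `if (!getItemForItemtype($_POST['instantiation_type'])) { exit(); }`. The concatenated pieces of the fragment also have no spaces between them, so keywords abut the quoted identifiers and values; a leading space on each piece would make the statement less fragile. `$_POST["entity_restrict"]` is read for `entity` without an `isset` check.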
......@@ -52,11 +52,6 @@ if ($_POST["nodelegate"] == 1) {
$_POST['_right'] = "delegate";
}
if (isset($_POST['_users_id_requester_notif']) && !empty($_POST['_users_id_requester_notif'])) {
$_POST['_users_id_requester_notif']
= Toolbox::decodeArrayFromInput($_POST['_users_id_requester_notif']);
}
$ticket = new Ticket();
$ticket->showActorAddFormOnCreate(Ticket_User::REQUESTER, $_POST);
?>
\ No newline at end of file
......@@ -37,7 +37,7 @@ if (strpos($_SERVER['PHP_SELF'],"dropdownFieldsBlacklist.php")) {
Html::header_nocache();
}
Session::checkRight("config", "w");
Session::checkRight("config", UPDATE);
$field = new Fieldblacklist();
if ($_POST['id'] > 0) {
......
......@@ -38,7 +38,7 @@ if (strpos($_SERVER['PHP_SELF'],"dropdownInstallVersion.php")) {
Html::header_nocache();
}
Session::checkRight("software", "w");
Session::checkRight("software", UPDATE);
if ($_POST['softwares_id'] > 0) {
if (!isset($_POST['value'])) {
......@@ -48,11 +48,7 @@ if ($_POST['softwares_id'] > 0) {
$where = '';
if (isset($_POST['used'])) {
if (is_array($_POST['used'])) {
$used = $_POST['used'];
} else {
$used = Toolbox::decodeArrayFromInput($_POST['used']);
}
$used = $_POST['used'];
if (count($used)) {
$where = " AND `glpi_softwareversions`.`id` NOT IN ('".implode("','",$used)."')";
......@@ -69,11 +65,7 @@ if ($_POST['softwares_id'] > 0) {
$result = $DB->query($query);
$number = $DB->numrows($result);
echo "<select name='".$_POST['myname']."' size='1'>";
echo "<option value='0'>".Dropdown::EMPTY_VALUE."</option>";
$today = date("Y-m-d");
$values = array(0 => Dropdown::EMPTY_VALUE);
if ($number) {
while ($data = $DB->fetch_assoc($result)) {
$ID = $data['id'];
......@@ -85,10 +77,11 @@ if ($_POST['softwares_id'] > 0) {
if (!empty($data['sname'])) {
$output = sprintf(__('%1$s - %2$s'), $output, $data['sname']);
}
echo "<option ".($ID==$_POST['value']?"selected":"")." value='$ID' title=\"".
Html::cleanInputText($output)."\">".$output."</option>";
$values = array($ID => $output);
}
}
echo "</select>&nbsp;";
Dropdown::showFromArray($_POST['myname'], $values);
}
?>
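Review bot: Inside the `while` loop of the last hunk, `$values = array($ID => $output);` replaces the whole array on every row, so only the last version reaches `Dropdown::showFromArray()` and the empty choice is lost; it should be `$values[$ID] = $output;`, as the network-port dropdown in this commit does. The new call also no longer marks `$_POST['value']` as selected. In the second hunk, `$used = $_POST['used'];` drops the `is_array` check although the value still goes to `count()` and is imploded into the `NOT IN (...)` clause; keep the guard and cast the ids, e.g. `$used = is_array($_POST['used']) ? array_map('intval', $_POST['used']) : array();`. The enclosing `if ($_POST['softwares_id'] > 0)` block starts outside the hunks.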
......@@ -36,68 +36,16 @@ include ('../inc/includes.php');
header("Content-Type: text/html; charset=UTF-8");
Html::header_nocache();
try {
$ma = new MassiveAction($_POST, $_GET, 'specialize');
} catch (Exception $e) {
echo "<div class='center'><img src='".$CFG_GLPI["root_doc"]."/pics/warning.png' alt='".
__s('Warning')."'><br><br>";
echo "<span class='b'>".$e->getMessage()."</span><br>";