Danish translations by Henrick Schack

2006-11-02 11:26:10 +00:00
parent 2998a45a8b
commit b79c62da35
7 changed files with 733 additions and 463 deletions
--- a/include/admin/images.inc.php
+++ b/include/admin/images.inc.php
@ -189,6 +189,11 @@ switch ($serendipity['GET']['adminAction']) {
        $serendipity['POST']['target_directory'][$tindex] = serendipity_uploadSecure($serendipity['POST']['target_directory'][$tindex], true, true);
        $target = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $serendipity['POST']['target_directory'][$tindex] . $tfile;

+        if (!serendipity_checkDirUpload($serendipity['POST']['target_directory'][$tindex])) {
+            echo PERM_DENIED;
+            return;
+        }
+
        $realname = $tfile;
        if (file_exists($target)) {
            echo '(' . $target . ') ' . ERROR_FILE_EXISTS_ALREADY . '<br />';
@ -276,6 +281,12 @@ switch ($serendipity['GET']['adminAction']) {
            }

            $serendipity['POST']['target_directory'][$idx] = serendipity_uploadSecure($serendipity['POST']['target_directory'][$idx], true, true);
+
+            if (!serendipity_checkDirUpload($serendipity['POST']['target_directory'][$idx])) {
+                echo PERM_DENIED;
+                continue;
+            }
+
            $target = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $serendipity['POST']['target_directory'][$idx] . $tfile;

            $realname = $tfile;
--- a/include/functions_images.inc.php
+++ b/include/functions_images.inc.php
@ -3299,3 +3299,41 @@ function &serendipity_getMediaPaths() {

    return $paths;
 }
+
+/**
+ * Checks whether a user has access to write into a directory
+ *
+ * @access public
+ * @param   string Directory to check
+ * @return  boolean
+ */
+function serendipity_checkDirUpload($dir) {
+    global $serendipity;
+
+    /*
+    if (serendipity_checkPermission('adminImagesMaintainOthers')) {
+        return true;
+    }
+    */
+    
+    $allowed  = serendipity_ACLGet(0, 'directory', 'write', $dir);
+    $mygroups = serendipity_checkPermission(null, null, true);
+    
+    // Usergroup "0" always means that access is granted. If no array exists, no ACL restrictions have been set and all is fine.
+    if (!is_array($allowed) || isset($allowed[0])) {
+        return true;
+    }
+    
+    if (!is_array($mygroups)) {
+        return true;
+    }
+
+    foreach($mygroups AS $grpid => $grp) {
+        if (isset($allowed[$grpid])) {
+            return true;
+            break;
+        }
+    }
+    
+    return false;
+}