bashclub/piler
1
0
Fork 0
mirror of https://bitbucket.org/jsuto/piler.git synced 2025-06-12 23:17:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

audit fixes

Browse Source
This commit is contained in:
SJ
2013-03-21 20:26:49 +01:00
parent 01c2427391
commit 7463721c2a
7 changed files with 16 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
webui/controller/audit/helper.php
View File

@ -61,6 +61,8 @@ class ControllerAuditHelper extends Controller {
$this->data['actions'][ACTION_CHANGE_USER_SETTINGS] = $this->data['text_change_user_settings'];
$this->data['actions'][ACTION_REMOVE_MESSAGE] = $this->data['text_remove_message2'];
$this->data['actions'][ACTION_UNAUTHORIZED_REMOVE_MESSAGE] = $this->data['text_unauthorized_remove_message'];
$this->data['actions'][ACTION_DOWNLOAD_ATTACHMENT] = $this->data['text_download_attachment2'];
$this->data['actions'][ACTION_UNAUTHORIZED_DOWNLOAD_ATTACHMENT] = $this->data['text_unauthorized_download_attachment'];

6
webui/controller/message/attachment.php
View File

@ -19,6 +19,8 @@ class ControllerMessageAttachment extends Controller {
$this->data['id'] = @$this->request->get['id'];
$messageid = 0;
if(!verify_piler_id($this->data['id'])) {
AUDIT(ACTION_UNKNOWN, '', '', $this->data['id'], 'unknown id: ' . $this->data['id']);
die("invalid id: " . $this->data['id']);
@ -31,7 +33,9 @@ class ControllerMessageAttachment extends Controller {
}
AUDIT(ACTION_DOWNLOAD_ATTACHMENT, '', '', $this->data['id'], '');
$messageid = $this->model_search_message->get_id_by_piler_id($this->data['attachment']['piler_id']);
AUDIT(ACTION_DOWNLOAD_ATTACHMENT, '', '', $messageid, $this->data['id']);
header("Cache-Control: public, must-revalidate");
header("Pragma: no-cache");