Sicherheitslücke in Gruppenverwaltung behoben, Hintergrundfarbe für JS-Tree entfernt
@@ -17,7 +17,7 @@
|
||||
.jstree-default a .jstree-icon { background-position:-56px -19px; }
|
||||
.jstree-default a.jstree-loading .jstree-icon { background:url("throbber.gif") center center no-repeat !important; }
|
||||
|
||||
.jstree-default.jstree-focused { background:#ffffee; }
|
||||
/*.jstree-default.jstree-focused { background:#ffffee; }*/
|
||||
|
||||
.jstree-default .jstree-no-dots li,
|
||||
.jstree-default .jstree-no-dots .jstree-leaf > ins { background:transparent; }
|
||||
@@ -71,4 +71,4 @@
|
||||
.jstree-default .jstree-undetermined a .jstree-checkbox { _background-position:-20px -19px; }
|
||||
.jstree-default .jstree-checked a .jstree-checkbox { _background-position:-38px -19px; }
|
||||
.jstree-default .jstree-unchecked a .jstree-checkbox { _background-position:-2px -19px; }
|
||||
/* IE6 END */
|
||||
/* IE6 END */
|
||||
|
||||
@@ -73,7 +73,7 @@ class lehrverband extends basis_db
|
||||
}
|
||||
else
|
||||
{
|
||||
$this->errormsg = 'Fehler bei Abfrage: '.$qry;
|
||||
$this->errormsg = 'Fehler bei Abfrage';
|
||||
return false;
|
||||
}
|
||||
}
|
||||
@@ -199,9 +199,13 @@ class lehrverband extends basis_db
|
||||
}
|
||||
}
|
||||
|
||||
public function getSemesterFromStudiengang($studiengang_kz, $where)
|
||||
public function getSemesterFromStudiengang($studiengang_kz, $aktiv=false)
|
||||
{
|
||||
$qry = 'SELECT semester, aktiv FROM public.tbl_lehrverband WHERE studiengang_kz='.$this->db_add_param($studiengang_kz, FHC_INTEGER)." AND verband=' ' ".$where;
|
||||
$qry = 'SELECT semester, aktiv FROM public.tbl_lehrverband WHERE studiengang_kz='.$this->db_add_param($studiengang_kz, FHC_INTEGER)." AND verband=' ' ";
|
||||
|
||||
if($aktiv)
|
||||
$qry.= ' AND aktiv=true';
|
||||
|
||||
$qry .= ' GROUP BY semester, aktiv ORDER BY semester;';
|
||||
|
||||
if($this->db_query($qry))
|
||||
@@ -223,9 +227,11 @@ class lehrverband extends basis_db
|
||||
}
|
||||
}
|
||||
|
||||
public function getVerbandFromSemester($studiengang_kz, $semester, $where)
|
||||
public function getVerbandFromSemester($studiengang_kz, $semester, $aktiv=false)
|
||||
{
|
||||
$qry = 'SELECT verband, aktiv, bezeichnung FROM public.tbl_lehrverband WHERE studiengang_kz='.$this->db_add_param($studiengang_kz, FHC_INTEGER).' AND semester='.$this->db_add_param($semester, FHC_INTEGER)." AND gruppe=' ' ".$where;
|
||||
$qry = 'SELECT verband, aktiv, bezeichnung FROM public.tbl_lehrverband WHERE studiengang_kz='.$this->db_add_param($studiengang_kz, FHC_INTEGER).' AND semester='.$this->db_add_param($semester, FHC_INTEGER)." AND gruppe=' ' ";
|
||||
if($aktiv)
|
||||
$qry.=' AND aktiv=true';
|
||||
$qry .= ' GROUP BY verband, aktiv, bezeichnung ORDER BY verband;';
|
||||
|
||||
if($this->db_query($qry))
|
||||
@@ -248,9 +254,13 @@ class lehrverband extends basis_db
|
||||
}
|
||||
}
|
||||
|
||||
public function getGruppeFromVerband($studiengang_kz, $semester, $verband, $where)
|
||||
public function getGruppeFromVerband($studiengang_kz, $semester, $verband, $aktiv=false)
|
||||
{
|
||||
$qry = 'SELECT gruppe, bezeichnung, aktiv FROM public.tbl_lehrverband WHERE studiengang_kz='.$this->db_add_param($studiengang_kz, FHC_INTEGER).' AND semester='.$this->db_add_param($semester, FHC_INTEGER).' AND verband='.$this->db_add_param($verband, FHC_STRING).$where;
|
||||
$qry = 'SELECT gruppe, bezeichnung, aktiv FROM public.tbl_lehrverband WHERE studiengang_kz='.$this->db_add_param($studiengang_kz, FHC_INTEGER).' AND semester='.$this->db_add_param($semester, FHC_INTEGER).' AND verband='.$this->db_add_param($verband, FHC_STRING);
|
||||
if($aktiv)
|
||||
{
|
||||
$qry.=' AND aktiv=true';
|
||||
}
|
||||
$qry .= ' GROUP BY gruppe, bezeichnung, aktiv ORDER BY gruppe;';
|
||||
if($this->db_query($qry))
|
||||
{
|
||||
|
||||
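Review bot: The new `$aktiv` parameter on `getSemesterFromStudiengang`, `getVerbandFromSemester` and `getGruppeFromVerband` is tested with a plain `if($aktiv)`, so a caller that was not updated and still passes the old `$where` string (including the `" "` the admin path used to send, which is truthy in PHP) now silently gets the `AND aktiv=true` filter instead of an error. That fails closed, which is the safe direction, but it hides unmigrated call sites; callers outside this page are not visible, so they should be searched for. A doc comment on each method would make the new contract explicit, e.g. `@param bool $aktiv true = only rows with aktiv=true; SQL fragments are no longer accepted`, and a guard such as `if(!is_bool($aktiv)) { $this->errormsg = 'Ungueltiger Parameter'; return false; }` would surface stale callers. The method bodies continue past the end of each hunk.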
@@ -19,18 +19,11 @@
|
||||
|
||||
$(document).ready(function() {
|
||||
var stdkz = $('select[name=studiengang_kz]').val();
|
||||
if (admin)
|
||||
{
|
||||
var where = " ";
|
||||
}
|
||||
else
|
||||
{
|
||||
var where = " AND aktiv=true";
|
||||
}
|
||||
|
||||
$.ajax({
|
||||
type: "POST",
|
||||
url: "lvbgruppenverwaltungTree.php",
|
||||
data: {studiengang_kz: stdkz, where: where}
|
||||
data: {studiengang_kz: stdkz}
|
||||
}).done(function(data) {
|
||||
if (data === "No Data available!")
|
||||
{
|
||||
@@ -239,4 +232,4 @@ function saveSpzGroup(studiengang_kz, kurzBz, type) {
|
||||
// stuff
|
||||
return false;
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
@@ -63,7 +63,7 @@ if (!$db = new basis_db())
|
||||
.detailsDiv {
|
||||
background-color: #E0E0E0;
|
||||
position: fixed;
|
||||
top: 10em;
|
||||
top: 5em;
|
||||
float: left;
|
||||
}
|
||||
|
||||
@@ -74,7 +74,7 @@ if (!$db = new basis_db())
|
||||
</style>
|
||||
|
||||
</head>
|
||||
<body class="background_main">
|
||||
<body>
|
||||
<h2>Gruppen - Verwaltung</h2>
|
||||
|
||||
<?php
|
||||
|
||||
@@ -30,15 +30,13 @@ require_once('../../include/benutzerberechtigung.class.php');
|
||||
|
||||
if (!$db = new basis_db())
|
||||
die('Es konnte keine Verbindung zum Server aufgebaut werden.');
|
||||
?>
|
||||
<?php
|
||||
|
||||
if (isset($_POST['studiengang_kz']) && is_numeric($_POST['studiengang_kz']))
|
||||
$studiengang_kz = $_POST['studiengang_kz'];
|
||||
else
|
||||
$studiengang_kz = '';
|
||||
|
||||
$user = get_uid();
|
||||
$where = $_POST["where"];
|
||||
|
||||
$studiengang = new studiengang();
|
||||
$studiengang->load($studiengang_kz);
|
||||
@@ -51,8 +49,9 @@ else
|
||||
$admin = false;
|
||||
|
||||
$lehrverband = new lehrverband();
|
||||
|
||||
//Semester des Studiengangs laden und ausgeben
|
||||
$semResult = $lehrverband->getSemesterFromStudiengang($studiengang_kz, $where);
|
||||
$semResult = $lehrverband->getSemesterFromStudiengang($studiengang_kz, !$admin);
|
||||
if ($semResult != false) {
|
||||
echo "<ul>";
|
||||
foreach ($semResult as $s) {
|
||||
@@ -66,7 +65,7 @@ if ($semResult != false) {
|
||||
</a>";
|
||||
|
||||
//Verbände des Semesters holen und ausgeben
|
||||
$verbandResult = $lehrverband->getVerbandFromSemester($studiengang_kz, $s["semester"], $where);
|
||||
$verbandResult = $lehrverband->getVerbandFromSemester($studiengang_kz, $s["semester"], !$admin);
|
||||
if ($verbandResult != false) {
|
||||
echo "<ul>";
|
||||
foreach ($verbandResult as $v) {
|
||||
@@ -80,7 +79,7 @@ if ($semResult != false) {
|
||||
Verband " . $verb . ($v["bezeichnung"] != '' ? " (" . $v["bezeichnung"] . ")" : '' ) . "
|
||||
</a>";
|
||||
//Gruppen des Verbandes holen und ausgeben
|
||||
$grpResult = $lehrverband->getGruppeFromVerband($studiengang_kz, $s["semester"], $v["verband"], $where);
|
||||
$grpResult = $lehrverband->getGruppeFromVerband($studiengang_kz, $s["semester"], $v["verband"], !$admin);
|
||||
if ($grpResult != null) {
|
||||
echo "<ul>";
|
||||
foreach ($grpResult as $g) {
|
||||
@@ -187,4 +186,4 @@ if ($semResult != false) {
|
||||
} else {
|
||||
echo "No Data available!";
|
||||
}
|
||||
?>
|
||||
?>
|
||||
|
||||
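Review bot: In the hunk at `@@ -80,7 +79,7 @@`, `$v["bezeichnung"]` is concatenated into the echoed markup without HTML escaping, so a group description containing markup would be interpreted by the browser of every user who opens the tree; this commit closes the SQL side but leaves that output path as it was. Escape at the point of output, e.g. `htmlspecialchars($v["bezeichnung"], ENT_QUOTES, 'UTF-8')`, and check the other database values echoed in these loops the same way (most of those lines are outside the visible hunks). Separately, `is_numeric($_POST['studiengang_kz'])` in the first hunk also accepts values such as `1e3` or `1.5`; `filter_var($_POST['studiengang_kz'], FILTER_VALIDATE_INT) !== false` would restrict the input to the integer key that the queries bind with `FHC_INTEGER`.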