From 792051f3f66e4c09846d1e742d648f57bec983d3 Mon Sep 17 00:00:00 2001
From: =?utf8?q?St=C3=A9phane=20Jacob?=
Date: Wed, 27 Oct 2010 14:23:20 +0200
Subject: [PATCH] Enables access to profile edition pages without providing hrpid, or providing hrpid and page name in the wrong order.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Jacob
---
 modules/profile.php | 34 +++++++++++++++++++++++-----------
 1 file changed, 23 insertions(+), 11 deletions(-)
diff --git a/modules/profile.php b/modules/profile.php
index e3239d2..be8648e 100644
--- a/modules/profile.php
+++ b/modules/profile.php
@@ -139,25 +139,25 @@ class ProfileModule extends PLModule
 exit;
 }
- /** Tries to return the correct user from given hrpid
- * Will redirect to $returnurl$hrpid if $hrpid was empty
+ /** Tries to return the correct profile from a given hrpid.
 */
- private function findProfile($returnurl, $hrpid = null)
+ private function findProfile($hrpid = null)
 {
 if (is_null($hrpid)) {
 $user = S::user();
 if (!$user->hasProfile()) {
 return PL_NOT_FOUND;
 } else {
- pl_redirect($returnurl . $user->profile()->hrid());
+ $profile = $user->profile();
 }
 } else {
 $profile = Profile::get($hrpid);
- if (!$profile) {
- return PL_NOT_FOUND;
- } else if (!S::user()->canEdit($profile) && Platal::notAllowed()) {
- return PL_FORBIDDEN;
- }
+ }
+
+ if (!$profile) {
+ return PL_NOT_FOUND;
+ } else if (!S::user()->canEdit($profile) && Platal::notAllowed()) {
+ return PL_FORBIDDEN;
 }
 return $profile;
 }
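Review bot: The shortened docblock on findProfile() no longer states what the function returns, although after this change it is the single place where the edit permission is decided for both the own-profile path and the explicit-hrpid path. I would document the contract, for example `@return Profile on success, otherwise PL_NOT_FOUND or PL_FORBIDDEN, which the handler must return unchanged`, and add one line saying that redirecting on an empty `$hrpid` is now the caller's job. As a style point, the inner `else { $profile = $user->profile(); }` can drop its `else`, since the branch above it returns.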
@@ -165,10 +165,13 @@ class ProfileModule extends PLModule
 function handler_photo_change(&$page, $hrpid = null)
 {
 global $globals;
- $profile = $this->findProfile('photo/change/', $hrpid);
+ $profile = $this->findProfile($hrpid);
 if (! ($profile instanceof Profile) && ($profile == PL_NOT_FOUND || $profile == PL_FORBIDDEN)) {
 return $profile;
 }
+ if (is_null($hrpid)) {
+ pl_redirect('photo/change/' . $profile->hrid());
+ }
 $page->changeTpl('profile/trombino.tpl');
 $page->assign('hrpid', $profile->hrid());
@@ -310,10 +313,19 @@ class ProfileModule extends PLModule
 {
 global $globals;
- $profile = $this->findProfile('profile/edit/', $hrpid);
+ if (in_array($hrpid, array('general', 'adresses', 'emploi', 'poly', 'deco', 'skill', 'mentor'))) {
+ $aux = $opened_tab;
+ $opened_tab = $hrpid;
+ $hrpid = $aux;
+ $url_error = true;
+ }
+ $profile = $this->findProfile($hrpid);
 if (! ($profile instanceof Profile) && ($profile == PL_NOT_FOUND || $profile == PL_FORBIDDEN)) {
 return $profile;
 }
+ if (is_null($hrpid) || $url_error) {
+ pl_redirect('profile/edit/' . $profile->hrid() . (is_null($opened_tab) ? '' : '/' . $opened_tab));
+ }
 // Build the page
 $page->addJsLink('ajax.js');
--
2.1.4
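Review bot: The redirect added in handler_photo_change dereferences `$profile->hrid()` right after a guard that only returns for the two exact codes, compared with loose `==`, so any other non-Profile value would fall through to the new line. Because findProfile() is the access check for this handler, the guard is easier to audit and fails closed when written as `if (!($profile instanceof Profile)) { return $profile; }`. The page does not show whether pl_redirect() ends the request; if it can return, the template code below would still run for the redirected request, so confirm that or follow the call with an explicit `return`. The same guard-and-redirect pair is added in the profile/edit hunk, and the handler body continues past the end of this hunk.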
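Review bot: `$url_error` is assigned only inside the `in_array` branch, so for a well-formed URL the later test `is_null($hrpid) || $url_error` reads an undefined variable and raises a notice; initialise it with `$url_error = false;` before the branch. The tab allowlist is what bounds the `$opened_tab` value that is concatenated into the redirect path after the swap, so I would make the match exact by passing `true` as the third argument to `in_array`. The handler's signature is outside the hunk, so the origin of `$opened_tab` is assumed from context, and a short comment above the swap explaining that it accepts the arguments in either order would help the next reader.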