diff --git a/classes/context/Context.class.php b/classes/context/Context.class.php index 1ed44854d..2f8ca22e6 100644 --- a/classes/context/Context.class.php +++ b/classes/context/Context.class.php @@ -367,6 +367,8 @@ class Context $this->allow_rewrite = ($this->db_info->use_rewrite == 'Y' ? TRUE : FALSE); // set locations for javascript use + $url = array(); + $current_url = self::getRequestUri(); if($_SERVER['REQUEST_METHOD'] == 'GET') { if($this->get_vars) @@ -386,17 +388,21 @@ class Context $url[] = $key . '=' . urlencode($val); } } - $this->set('current_url', self::getRequestUri() . '?' . join('&', $url)); + + $current_url = self::getRequestUri(); + if($url) $current_url .= '?' . join('&', $url); } else { - $this->set('current_url', $this->getUrl()); + $current_url = $this->getUrl(); } } else { - $this->set('current_url', self::getRequestUri()); + $current_url = self::getRequestUri(); } + + $this->set('current_url', $current_url); $this->set('request_uri', self::getRequestUri()); } @@ -1157,6 +1163,7 @@ class Context { continue; } + $key = htmlentities($key); $val = $this->_filterRequestVar($key, $val); if($requestMethod == 'GET' && isset($_GET[$key])) diff --git a/common/tpl/redirect.html b/common/tpl/redirect.html index 72a28491c..e785edf71 100644 --- a/common/tpl/redirect.html +++ b/common/tpl/redirect.html @@ -5,8 +5,9 @@ - \ No newline at end of file + diff --git a/config/config.inc.php b/config/config.inc.php index 5a4ec825f..d566e24dc 100644 --- a/config/config.inc.php +++ b/config/config.inc.php @@ -29,7 +29,7 @@ define('__ZBXE__', __XE__); /** * Display XE's full version. */ -define('__XE_VERSION__', '1.7.10'); +define('__XE_VERSION__', '1.7.11'); define('__XE_VERSION_ALPHA__', (stripos(__XE_VERSION__, 'alpha') !== false)); define('__XE_VERSION_BETA__', (stripos(__XE_VERSION__, 'beta') !== false)); define('__XE_VERSION_RC__', (stripos(__XE_VERSION__, 'rc') !== false)); 
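Review bot: The query string assembled for `current_url` in the second Context.class.php hunk still takes `$key` unencoded at `$url[] = $key . '=' . urlencode($val);`, so only the value half of each pair is URL-safe when the new `join('&', $url)` line appends it. Because the comment in the preceding hunk says these values are set for JavaScript use, I would encode both halves: `$url[] = urlencode($key) . '=' . urlencode($val);`. The second `$current_url = self::getRequestUri();` inside the GET branch repeats the initialisation added in the previous hunk and can be dropped. The loop that fills `$url` starts outside this hunk, so how array-valued parameters are handled is not visible here.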
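Review bot: Overwriting `$key` with `htmlentities($key)` before `isset($_GET[$key])` in the third Context.class.php hunk means the superglobal lookup uses the encoded name, so a parameter name containing an encodable character no longer matches its own entry in `$_GET`. The call also relies on the default flags and charset, which differ between PHP versions and in older versions leave single quotes unescaped. I would keep the raw name for the lookup and encode explicitly where the name is stored, e.g. `$safe_key = htmlspecialchars($key, ENT_QUOTES, 'UTF-8');`, or reject names that do not match the expected identifier pattern. The rest of the loop body is outside the hunk, so later uses of `$key` need checking when applying this.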
diff --git a/modules/board/board.view.php b/modules/board/board.view.php index 97465b585..18aeed71a 100644 --- a/modules/board/board.view.php +++ b/modules/board/board.view.php @@ -267,6 +267,15 @@ class boardView extends board } } + // if the document is TEMP saved, check Grant + if($oDocument->getStatus() == 'TEMP') + { + if(!$oDocument->isGranted()) + { + $oDocument = $oDocumentModel->getDocument(0); + } + } + } else { diff --git a/modules/document/document.controller.php b/modules/document/document.controller.php index 4a2bedfd0..05f9ecafc 100644 --- a/modules/document/document.controller.php +++ b/modules/document/document.controller.php @@ -876,7 +876,10 @@ class documentController extends document } // Register session - $_SESSION['readed_document'][$document_srl] = true; + if(!$_SESSION['banned_document'][$document_srl]) + { + $_SESSION['readed_document'][$document_srl] = true; + } return TRUE; } diff --git a/modules/point/point.controller.php b/modules/point/point.controller.php index 3e7cdc3c1..3337b5514 100644 --- a/modules/point/point.controller.php +++ b/modules/point/point.controller.php @@ -420,10 +420,12 @@ class pointController extends point // Get the defaul configurations of the Point Module $config = $oModuleModel->getModuleConfig('point'); // When the requested points are negative, compared it with the current point + $_SESSION['banned_document'][$obj->document_srl] = false; if($config->disable_read_document == 'Y' && $point < 0 && abs($point)>$cur_point) { $message = sprintf(Context::getLang('msg_disallow_by_point'), abs($point), $cur_point); $obj->add('content', $message); + $_SESSION['banned_document'][$obj->document_srl] = true; return new Object(-1, $message); } // If not logged in, pass
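Review bot: The TEMP check added in board.view.php is enforced only in this view, so any other entry point that loads a document by `document_srl` is not covered by the hunk; if such paths exist (not visible here), the grant check belongs next to the document load itself. Within the hunk the two nested `if`s can be one condition, `if($oDocument->getStatus() == 'TEMP' && !$oDocument->isGranted())`, with a comment such as `// temp-saved drafts are shown only to users granted on the document; everyone else gets an empty document`. Swapping in `getDocument(0)` presumably makes the later code treat the document as missing, which is worth confirming because the enclosing method continues outside the hunk.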
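Review bot: In document.controller.php, `$_SESSION['banned_document'][$document_srl]` is read without checking that the entry exists, and in this diff it is written only by the point module, so the read raises an undefined-index notice whenever that handler has not run for the document. `if(empty($_SESSION['banned_document'][$document_srl]))` gives the same outcome without the notice. A comment such as `// do not mark as read when the point module refused this document` would make the cross-module dependency on the session flag explicit.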
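Review bot: Writing `false` into `$_SESSION['banned_document']` in point.controller.php for every document that passes the check adds one session entry per document read and keeps it for the life of the session. `unset($_SESSION['banned_document'][$obj->document_srl]);` clears an earlier ban without storing anything, provided the reader in document.controller.php tests the flag with `empty()`. The reset sits after whatever early returns precede this point in the function (outside the hunk), so a `true` left by an earlier denial may persist on those paths; that errs toward not marking the document as read, but it should be confirmed.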