rework logic of functions to be more verbose about errors. Implement javascript Nonce support when view=none

This commit is contained in:
Isaac Connor 2019-01-17 08:50:33 -05:00
parent 1f3da476b8
commit 599769b701
2 changed files with 37 additions and 28 deletions

View File

@ -20,8 +20,16 @@
// Monitor edit actions, require a monitor id and edit permissions for that monitor
if ( !empty($_REQUEST['mid']) && canEdit('Monitors', $_REQUEST['mid']) ) {
if ( empty($_REQUEST['mid']) ) {
Error("Must specify mid");
return;
}
$mid = validInt($_REQUEST['mid']);
if ( !canEdit('Monitors', $mid) ) {
Error("You do not have permission to edit monitor $mid");
return;
}
if ( $action == 'function' ) {
$monitor = dbFetchOne('SELECT * FROM Monitors WHERE Id=?', NULL, array($mid));
@ -43,8 +51,10 @@ if ( !empty($_REQUEST['mid']) && canEdit('Monitors', $_REQUEST['mid']) ) {
zmaControl($monitor, 'start');
}
$refreshParent = true;
} else {
Logger::Debug("No change to function, not doing anything.");
}
} // end if action
$view = 'none';
} // end if $mid and canEdit($mid)
$closePopup = true;
?>

View File

@ -25,14 +25,13 @@ $skinJsFile = getSkinFile( 'js/skin.js' );
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title><?php echo ZM_WEB_TITLE_PREFIX ?></title>
<script type="text/javascript">
<script nonce="<?php echo $cspNonce ?>">
<?php
require_once( $skinJsPhpFile );
?>
</script>
<script type="text/javascript" src="<?php echo $skinJsFile ?>"></script>
<script type="text/javascript">
<script src="<?php echo $skinJsFile ?>"></script>
<script nonce="<?php echo $cspNonce ?>">
<?php
if ( !$debug ) {
?>