Removed permissions check when creating new log entries. Instead check that request is 'post'ed and moved some other requests to be 'post' only.

git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@3509 e3e1d417-86f3-4887-817a-d78f3d33393f
stan 2011-08-26 10:50:50 +00:00
parent f74f893651
commit 8b86c9af58
1 changed files with 29 additions and 28 deletions


@ -4,23 +4,24 @@ switch ( $_REQUEST['task'] )
{
case 'create' :
{
if ( !canEdit( 'System' ) )
ajaxError( 'Insufficient permissions to create new log entry' );
// Silently ignore bogus requests
if ( !empty($_POST['level']) && !empty($_POST['message']) )
{
logInit( array( 'id' => "web_js" ) );
$string = $_REQUEST['message'];
$file = preg_replace( '/\w+:\/\/\w+\//', '', $_REQUEST['file'] );
if ( !empty( $_REQUEST['line'] ) )
$line = $_REQUEST['line'];
$string = $_POST['message'];
$file = preg_replace( '/\w+:\/\/\w+\//', '', $_POST['file'] );
if ( !empty( $_POST['line'] ) )
$line = $_POST['line'];
else
$line = NULL;
$levels = array_flip(Logger::$codes);
if ( !isset($levels[$_REQUEST['level']]) )
Panic( "Unexpected logger level '".$_REQUEST['level']."'" );
$level = $levels[$_REQUEST['level']];
if ( !isset($levels[$_POST['level']]) )
Panic( "Unexpected logger level '".$_POST['level']."'" );
$level = $levels[$_POST['level']];
Logger::fetch()->logPrint( $level, $string, $file, $line );
}
ajaxResponse();
break;
}
@ -29,12 +30,12 @@ switch ( $_REQUEST['task'] )
if ( !canView( 'System' ) )
ajaxError( 'Insufficient permissions to view log entries' );
$minTime = isset($_REQUEST['minTime'])?$_REQUEST['minTime']:NULL;
$maxTime = isset($_REQUEST['maxTime'])?$_REQUEST['maxTime']:NULL;
$limit = isset($_REQUEST['limit'])?$_REQUEST['limit']:1000;
$filter = isset($_REQUEST['filter'])?$_REQUEST['filter']:array();
$sortField = isset($_REQUEST['sortField'])?$_REQUEST['sortField']:'TimeKey';
$sortOrder = isset($_REQUEST['sortOrder'])?$_REQUEST['sortOrder']:'desc';
$minTime = isset($_POST['minTime'])?$_POST['minTime']:NULL;
$maxTime = isset($_POST['maxTime'])?$_POST['maxTime']:NULL;
$limit = isset($_POST['limit'])?$_POST['limit']:1000;
$filter = isset($_POST['filter'])?$_POST['filter']:array();
$sortField = isset($_POST['sortField'])?$_POST['sortField']:'TimeKey';
$sortOrder = isset($_POST['sortOrder'])?$_POST['sortOrder']:'desc';
$filterFields = array( 'Component', 'Pid', 'Level', 'File', 'Line' );
@ -110,18 +111,18 @@ switch ( $_REQUEST['task'] )
if ( !canView( 'System' ) )
ajaxError( 'Insufficient permissions to export logs' );
$minTime = isset($_REQUEST['minTime'])?$_REQUEST['minTime']:NULL;
$maxTime = isset($_REQUEST['maxTime'])?$_REQUEST['maxTime']:NULL;
$minTime = isset($_POST['minTime'])?$_POST['minTime']:NULL;
$maxTime = isset($_POST['maxTime'])?$_POST['maxTime']:NULL;
if ( !is_null($minTime) && !is_null($maxTime) && $minTime > $maxTime )
{
$tempTime = $minTime;
$minTime = $maxTime;
$maxTime = $tempTime;
}
//$limit = isset($_REQUEST['limit'])?$_REQUEST['limit']:1000;
$filter = isset($_REQUEST['filter'])?$_REQUEST['filter']:array();
$sortField = isset($_REQUEST['sortField'])?$_REQUEST['sortField']:'TimeKey';
$sortOrder = isset($_REQUEST['sortOrder'])?$_REQUEST['sortOrder']:'asc';
//$limit = isset($_POST['limit'])?$_POST['limit']:1000;
$filter = isset($_POST['filter'])?$_POST['filter']:array();
$sortField = isset($_POST['sortField'])?$_POST['sortField']:'TimeKey';
$sortOrder = isset($_POST['sortOrder'])?$_POST['sortOrder']:'asc';
$sql = "select * from Logs";
$where = array();
@ -147,7 +148,7 @@ switch ( $_REQUEST['task'] )
$sql.= " where ".join( " and ", $where );
$sql .= " order by ".dbEscape($sortField)." ".dbEscape($sortOrder);
//$sql .= " limit ".dbEscape($limit);
$format = isset($_REQUEST['format'])?$_REQUEST['format']:'text';
$format = isset($_POST['format'])?$_POST['format']:'text';
switch( $format )
{
case 'text' :
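Review bot: The `create` case in the first hunk now gates log writes only on `!empty($_POST['level']) && !empty($_POST['message'])`, and the request method is not an authorization control: as far as this file shows, any client that can reach the endpoint can write entries with a level, message, file and line of its choosing. If browser-side logging has to work for users without System edit rights, I would still require an authenticated session at this point and bound what gets logged, for example `$string = substr( preg_replace( '/[\x00-\x1f\x7f]/', ' ', $_POST['message'] ), 0, 1024 );` (1024 is a constructed limit), and answer an unknown level with `ajaxError` rather than `Panic`, since the value is caller-supplied. `$_POST['file']` is also read without an `isset` test. In the export case, the `order by` clause is built from `dbEscape($sortField)` and `dbEscape($sortOrder)`; assuming `dbEscape` does string-literal escaping, that does not make a value safe as a column name or keyword, so both should be matched against a fixed list (the log column names, `asc`/`desc`) before use. The `switch` and both cases continue outside the hunks shown.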