修复默认模板下普通用户使用文件管理和分享管理可以查看所有数据问题 (#286)

5 months ago · a46642b723
9 changed files with 25 additions and 12 deletions
--- a/core/class/helper/helper_browser.php
+++ b/core/class/helper/helper_browser.php
@ -172,8 +172,6 @@ class helper_browser
        } elseif (preg_match("/Mac/i", $agent) && preg_match("/Macintosh/i", $agent)) {
            $os = array('Macintosh' => true);
        }
-
-
        return $os;
    }
 }
--- a/core/class/table/table_syscache.php
+++ b/core/class/table/table_syscache.php
@ -83,7 +83,7 @@ class table_syscache extends dzz_table
 		return $data;
 	}

-	public function insert($cachename, $data) {
+	public function insert($cachename, $data= false, $replace = false, $silent = false) {
 		parent::insert(array(
 			'cname' => $cachename,
 			'ctype' => is_array($data) ? 1 : 0,
--- a/dzz/filemanage/index.php
+++ b/dzz/filemanage/index.php
@ -286,8 +286,14 @@ if ($do == 'delete') {
 			}
 		}
 		$limitsql = 'limit ' . $start . ',' . $perpage;
-		if ($count = DB::result_first("SELECT COUNT(*) FROM " . DB::table('resources') . " WHERE $sql", $param)) {
-			$data = DB::fetch_all("SELECT rid FROM " . DB::table('resources') . " WHERE $sql $order $limitsql", $param);
+		if ($_G['adminid']) {
+			$whereClause = $sql;
+		} else {
+			$whereClause = "uid = $uid AND $sql";
+		}
+		$count = DB::result_first("SELECT COUNT(*) FROM " . DB::table('resources') . " WHERE $whereClause", $param);
+		if ($count) {
+			$data = DB::fetch_all("SELECT rid FROM " . DB::table('resources') . " WHERE $whereClause $order $limitsql", $param);
 			$multi = multi($count, $perpage, $page, $theurl);
 		}
 		$list = array();
--- a/dzz/function/function_appperm.php
+++ b/dzz/function/function_appperm.php
@ -17,9 +17,9 @@ if (CURMODULE) {
 		global $global_appinfo;
        $global_appinfo = $appinfo;
 		if ($_G['adminid']) return;
+		if (!$appinfo['available']) showmessage($appinfo['appname'].' 应用已关闭，请联系管理员。');
 		if ($appinfo['group'] == 0) return;
 		if ($_G['uid']) {
-			if (!$appinfo['available']) showmessage($appinfo['appname'].' 应用已关闭，请联系管理员。');
 			if ($appinfo['group'] == -1) showmessage($appinfo['appname'].' 应用仅限游客访问，请联系管理员。');
 			if ($appinfo['group'] == 3) showmessage($appinfo['appname'].' 应用仅限管理员访问，请联系管理员。');
 			$apps = C::t('app_market')->fetch_all_by_default($_G['uid'],true);
--- a/dzz/share/index.php
+++ b/dzz/share/index.php
@ -96,6 +96,7 @@ if ($do == 'getinfo') {
    $username = trim($_GET['username']);
    $asc = isset($_GET['asc']) ? intval($_GET['asc']) : 1;
    $uid = intval($_GET['uid']);
+    $uid1=$_G['uid'];
    $order = in_array($_GET['order'], array('title', 'dateline', 'type', 'size', 'count')) ? trim($_GET['order']) : 'dateline';
    $gets = array('mod' => 'share', 'type' => $type, 'keyword' => $keyword, 'order' => $order, 'asc' => $asc, 'uid' => $uid, 'username' => $username);
    $theurl = BASESCRIPT . "?" . url_implode($gets);
@ -123,8 +124,16 @@ if ($do == 'getinfo') {
      $param[] = $uid;
    } 
    $list = array();
-    if ($count = DB::result_first("SELECT COUNT(*) FROM %t WHERE $sql", $param)) {
-      $list = DB::fetch_all("SELECT * FROM %t WHERE $sql $orderby limit $start,$limit", $param); 
+    if ($_G['adminid']) {
+      if ($count = DB::result_first("SELECT COUNT(*) FROM %t WHERE $sql", $param)) {
+        $list = DB::fetch_all("SELECT * FROM %t WHERE $sql $orderby limit $start,$limit", $param);
+      }
+    }else{
+      if ($count = DB::result_first("SELECT COUNT(*) FROM %t WHERE uid =$uid1 and $sql", $param)) {
+        $list = DB::fetch_all("SELECT * FROM %t WHERE uid =$uid1 and $sql $orderby limit $start,$limit", $param);
+      }
+    }
+    if ($count) {
      foreach ($list as $k=> $value) {
        $value['sharelink'] =  C::t('shorturl')->getShortUrl(getglobal('siteurl').'index.php?mod=shares&sid='.dzzencode($value['id']));
        if ($value['dateline'])
--- a/dzz/template/lyear/lyear_header_left.htm
+++ b/dzz/template/lyear/lyear_header_left.htm
@ -1,5 +1,5 @@
 <div id="logo" class="sidebar-header">
-	<a class="text-white text-truncate lead" href="{$_G[siteurl]}">
+	<a class="text-white text-truncate lead" href="{$_G[siteurl]}" title="">
 	  <img src="<!--{if !$_G['setting']['bbclosed']}-->{eval echo $_G['setting']['sitelogo']?'index.php?mod=io&op=thumbnail&size=small&path='.dzzencode('attach::'.$_G['setting']['sitelogo']):'static/image/common/logo.png';}<!--{else}-->static/image/common/logo.png<!--{/if}-->">
 	  <!--{if $global_appinfo['appname']}-->$global_appinfo['appname']<!--{else}-->{lang appname}<!--{/if}-->
 	</a>
--- a/user/login/template/lyear/login_single1.htm
+++ b/user/login/template/lyear/login_single1.htm
@ -14,7 +14,7 @@
 <div class="card card-shadowed p-5 mb-0 mr-2 ml-2" style="width: 420px;">
 	<div class="card-body text-center">
 		<div class="text-center mb-3">
-			<img alt="light year admin" src="<!--{if $_G['setting']['bbclosed']}-->static/image/common/logo.png<!--{else}-->{eval echo $_G['setting']['sitelogo']?'index.php?mod=io&op=thumbnail&size=small&path='.dzzencode('attach::'.$_G['setting']['sitelogo']):'static/image/common/logo.png';}<!--{/if}-->">
+			<img src="<!--{if $_G['setting']['bbclosed']}-->static/image/common/logo.png<!--{else}-->{eval echo $_G['setting']['sitelogo']?'index.php?mod=io&op=thumbnail&size=small&path='.dzzencode('attach::'.$_G['setting']['sitelogo']):'static/image/common/logo.png';}<!--{/if}-->">
 		</div>
 		<!--{if $_G[setting][loginset][title]}-->
 		<h2 class="main-title">$_G[setting][loginset][title]</h2>
--- a/user/login/template/lyear/login_single2.htm
+++ b/user/login/template/lyear/login_single2.htm
@ -43,7 +43,7 @@
 	<!--{/if}-->
 	<div class="signin-box p-5 mb-0 mr-2 ml-2 rounded-5">
 	  <div class="text-center mb-3">
-		<img alt="light year admin" src="<!--{if $_G['setting']['bbclosed']}-->static/image/common/logo.png<!--{else}-->{eval echo $_G['setting']['sitelogo']?'index.php?mod=io&op=thumbnail&size=small&path='.dzzencode('attach::'.$_G['setting']['sitelogo']):'static/image/common/logo.png';}<!--{/if}-->">
+		<img src="<!--{if $_G['setting']['bbclosed']}-->static/image/common/logo.png<!--{else}-->{eval echo $_G['setting']['sitelogo']?'index.php?mod=io&op=thumbnail&size=small&path='.dzzencode('attach::'.$_G['setting']['sitelogo']):'static/image/common/logo.png';}<!--{/if}-->">
 		<!--{if $_G[setting][loginset][title]}-->
 		<h2 class="main-title">$_G[setting][loginset][title]</h2>
 		<!--{/if}--> 
--- a/user/login/template/lyear/login_single3.htm
+++ b/user/login/template/lyear/login_single3.htm
@ -14,7 +14,7 @@
 	  <div class="col-md-6 col-lg-5 col-xl-4 align-self-center">
 		<div class="p-5">
 		  <div class="text-center">
-			<img alt="light year admin" src="<!--{if $_G['setting']['bbclosed']}-->static/image/common/logo.png<!--{else}-->{eval echo $_G['setting']['sitelogo']?'index.php?mod=io&op=thumbnail&size=small&path='.dzzencode('attach::'.$_G['setting']['sitelogo']):'static/image/common/logo.png';}<!--{/if}-->">
+			<img src="<!--{if $_G['setting']['bbclosed']}-->static/image/common/logo.png<!--{else}-->{eval echo $_G['setting']['sitelogo']?'index.php?mod=io&op=thumbnail&size=small&path='.dzzencode('attach::'.$_G['setting']['sitelogo']):'static/image/common/logo.png';}<!--{/if}-->">
 			 <!--{if $_G[setting][loginset][title]}-->
 			<h2 class="main-title">$_G[setting][loginset][title]</h2>
 			<!--{/if}-->