diff --git a/app/devices/device_vendor_function_edit.php b/app/devices/device_vendor_function_edit.php index 1e8c4f1b6e..d6a81c48f9 100644 --- a/app/devices/device_vendor_function_edit.php +++ b/app/devices/device_vendor_function_edit.php @@ -34,32 +34,6 @@ //set the defaults $device_vendor_function_uuid = ''; -//delete the group from the menu item - if (!empty($_REQUEST["a"]) && $_REQUEST["a"] == "delete" && permission_exists("device_vendor_function_delete") && !empty($_REQUEST["id"])) { - //get the id - $device_vendor_function_group_uuid = $_REQUEST["id"]; - $device_vendor_function_uuid = $_REQUEST["device_vendor_function_uuid"]; - $device_vendor_uuid = $_REQUEST["device_vendor_uuid"]; - - //delete the device vendor function group - $array['device_vendor_function_groups'][0]['device_vendor_function_group_uuid'] = $device_vendor_function_group_uuid; - - $p = permissions::new(); - $p->add('device_vendor_function_group_delete', 'temp'); - - $database->app_name = 'devices'; - $database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e'; - $database->delete($array); - unset($array); - - $p->delete('device_vendor_function_group_delete', 'temp'); - - //redirect the browser - message::add($text['message-delete'] ?? ''); - header("Location: device_vendor_function_edit.php?id=".escape($device_vendor_function_uuid) ."&device_vendor_uuid=".escape($device_vendor_uuid)); - exit; - } - //check permissions require_once "resources/check_auth.php"; if (permission_exists('device_vendor_function_add') || permission_exists('device_vendor_function_edit')) { 
@@ -98,6 +72,33 @@ $description = $_POST["description"]; } +//delete the group from the sub table + if (!empty($_POST["action"]) && $_POST["action"] === "delete" && permission_exists("device_vendor_function_group_delete") && is_uuid($_POST["device_vendor_function_group_uuid"])) { + //get the uuid + $device_vendor_function_group_uuid = $_POST["device_vendor_function_group_uuid"]; + + //validate the token + $token = new token; + if (!$token->validate($_SERVER['PHP_SELF'])) { + message::add($text['message-invalid_token'],'negative'); + header('Location: devices.php'); + exit; + } + + //delete the device vendor function group + $array['device_vendor_function_groups'][0]['device_vendor_function_group_uuid'] = $device_vendor_function_group_uuid; + $database = new database; + $database->app_name = 'devices'; + $database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e'; + $database->delete($array); + unset($array); + + //redirect the user + message::add($text['message-delete'] ?? ''); + header("Location: device_vendor_function_edit.php?id=".escape($device_vendor_function_uuid) ."&device_vendor_uuid=".escape($device_vendor_uuid)); + exit; + } + //process the http variables if (count($_POST) > 0 && empty($_POST["persistformvar"])) { @@ -335,18 +336,25 @@ echo " "; if (is_array($function_groups) && @sizeof($function_groups) != 0) { echo "\n"; + if (permission_exists('device_vendor_function_group_delete')) { + echo " \n"; + echo " \n"; + } + $x = 0; foreach ($function_groups as $field) { if (!empty($field['group_name'])) { echo "\n"; echo " \n"; - if (permission_exists('group_member_delete') || if_group("superadmin")) { + if (permission_exists('device_vendor_function_group_delete')) { echo " "; } echo "\n"; + $x++; } } echo "
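Review bot: The success redirect in the new delete block builds its query string with `escape()` while the dashboard, menu and user_edit hunks of this commit use `urlencode()` for the same purpose; `escape()` HTML-encodes, which is the wrong encoder for a Location header, so `"Location: device_vendor_function_edit.php?id=".urlencode($device_vendor_function_uuid)."&device_vendor_uuid=".urlencode($device_vendor_uuid)` would be consistent. Both `$device_vendor_function_uuid` and `$device_vendor_uuid` are read from outside this hunk, and the previous hunk removed their assignment from `$_REQUEST`; if the POST handling above does not populate them, the redirect silently drops both parameters. The condition also indexes `$_POST["device_vendor_function_group_uuid"]` unguarded, so a delete action posted without it raises an undefined-key warning before `is_uuid` runs; `is_uuid($_POST["device_vendor_function_group_uuid"] ?? '')` avoids that, and the same applies to the dashboard, menu and user_edit delete hunks. Finally the delete row is keyed only by the group-row uuid, unlike user_edit.php which also scopes its delete by the parent uuid; scoping it to the parent function record, if the table carries that column, would prevent deleting a group mapping that belongs to a different function.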
"; echo $field['group_name'].(($field['group_domain_uuid'] != '') ? "@".$_SESSION['domains'][$field['group_domain_uuid']]['domain_name'] : null); echo " "; - echo "".$v_link_label_delete.""; + echo button::create(['type'=>'button','icon'=>'fas fa-minus','id'=>'btn_delete','class'=>'default list_control_icon','name'=>'btn_delete','onclick'=>"modal_open('modal-delete-group-$x','btn_delete');"]); + echo modal::create(['id'=>'modal-delete-group-'.$x,'type'=>'delete','actions'=>button::create(['type'=>'button','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_delete','style'=>'float: right; margin-left: 15px;','collapse'=>'never','onclick'=>"modal_close(); list_action_set('delete'); document.getElementById('device_vendor_function_group_uuid').value = '".escape($field['device_vendor_function_group_uuid'])."'; list_form_submit('frm');"])]); echo "
\n"; diff --git a/core/dashboard/dashboard_widget_edit.php b/core/dashboard/dashboard_widget_edit.php index 82050f7cbd..4c5adf926d 100644 --- a/core/dashboard/dashboard_widget_edit.php +++ b/core/dashboard/dashboard_widget_edit.php @@ -158,16 +158,25 @@ } //delete the group from the sub table - if (isset($_REQUEST["a"]) && $_REQUEST["a"] == "delete" && permission_exists("dashboard_widget_group_delete") && is_uuid($_GET["dashboard_widget_group_uuid"]) && is_uuid($_GET["dashboard_widget_uuid"])) { + if (!empty($_POST["action"]) && $_POST["action"] === "delete" && permission_exists("dashboard_widget_group_delete") && is_uuid($_POST["dashboard_widget_group_uuid"]) && is_uuid($_POST["dashboard_widget_uuid"])) { //get the uuid - $widget_group_uuid = $_GET["dashboard_widget_group_uuid"]; - $widget_uuid = $_GET["dashboard_widget_uuid"]; - //delete the group from the users + $widget_group_uuid = $_POST['dashboard_widget_group_uuid']; + + //validate the token + $token = new token; + if (!$token->validate($_SERVER['PHP_SELF'])) { + message::add($text['message-invalid_token'],'negative'); + header('Location: dashboard_edit.php?id='.urlencode($dashboard_uuid)); + exit; + } + + //delete the group from the widget $array['dashboard_widget_groups'][0]['dashboard_widget_group_uuid'] = $widget_group_uuid; $database->app_name = 'dashboard'; $database->app_uuid = '55533bef-4f04-434a-92af-999c1e9927f7'; $database->delete($array); unset($array); + //redirect the user message::add($text['message-delete']); header("Location: dashboard_widget_edit.php?id=".urlencode($dashboard_uuid)."&widget_uuid=".urlencode($widget_uuid)); @@ -180,7 +189,7 @@ $token = new token; if (!$token->validate($_SERVER['PHP_SELF'])) { message::add($text['message-invalid_token'],'negative'); - header('Location: dashboard.php'); + header('Location: dashboard_edit.php?id='.urlencode($dashboard_uuid)); exit; } 
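Review bot: Every row's delete button and every modal's continue button are emitted with the same `id='btn_delete'` (and the same `name`), so as soon as more than one group is listed the document contains duplicate ids, and `modal_open('modal-delete-group-$x','btn_delete')` is handed an id whose resolution is then browser-dependent. Suffixing the ids with `$x`, as the modal id already is, e.g. `'id'=>'btn_delete_'.$x` on both buttons, keeps them unique; the same pattern is repeated in the dashboard_widget_edit.php, menu_item_edit.php and user_edit.php rendering hunks. The group uuid is placed inside a JavaScript string literal within the onclick attribute using `escape()`, which is HTML escaping rather than JS-string escaping; the value is a stored uuid so this is low risk, but a short comment such as `// uuid from the database: escape() is sufficient here, not a general JS-string encoder` would record that assumption. The two lines added under the permission check (their tags are lost in this view) presumably are the hidden inputs that `list_action_set` and the modal write into; I cannot confirm their names from the hunk.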
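Review bot: The new condition validates `$_POST["dashboard_widget_uuid"]` but the block never reads it; the removed lines assigned `$widget_uuid` from the request, and the success redirect still uses `urlencode($widget_uuid)`, so it now depends on an assignment made outside this hunk and, if none exists earlier in the POST handling, the redirect loses the widget_uuid parameter. Restoring `$widget_uuid = $_POST['dashboard_widget_uuid'];` next to `$widget_group_uuid` keeps the block self-contained. Since the widget uuid is validated anyway, the delete row could also be scoped to it rather than to the group-row uuid alone, as user_edit.php scopes its delete by user_uuid, provided the table carries that column.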
@@ -988,18 +997,25 @@ document.addEventListener('DOMContentLoaded', function() { echo "\n"; if (is_array($widget_groups) && sizeof($widget_groups) != 0) { echo "\n"; + if (permission_exists('dashboard_widget_group_delete')) { + echo " \n"; + echo " \n"; + } + $x = 0; foreach($widget_groups as $field) { if (!empty($field['group_name'])) { echo "\n"; echo " \n"; - if (permission_exists('dashboard_widget_group_delete') || if_group("superadmin")) { + if (permission_exists('dashboard_widget_group_delete')) { echo " \n"; } echo "\n"; + $x++; } } echo "
\n"; echo $field['group_name'].((!empty($field['domain_uuid'])) ? "@".$_SESSION['domains'][$field['domain_uuid']]['domain_name'] : null); echo " \n"; - echo "".$v_link_label_delete."\n"; + echo button::create(['type'=>'button','icon'=>'fas fa-minus','id'=>'btn_delete','class'=>'default list_control_icon','name'=>'btn_delete','onclick'=>"modal_open('modal-delete-group-$x','btn_delete');"]); + echo modal::create(['id'=>'modal-delete-group-'.$x,'type'=>'delete','actions'=>button::create(['type'=>'button','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_delete','style'=>'float: right; margin-left: 15px;','collapse'=>'never','onclick'=>"modal_close(); list_action_set('delete'); document.getElementById('dashboard_widget_group_uuid').value = '".escape($field['dashboard_widget_group_uuid'])."'; list_form_submit('frm');"])]); echo "
\n"; diff --git a/core/menu/menu_item_edit.php b/core/menu/menu_item_edit.php index 5a96ba6467..3724988b9e 100644 --- a/core/menu/menu_item_edit.php +++ b/core/menu/menu_item_edit.php @@ -17,7 +17,7 @@ The Initial Developer of the Original Code is Mark J Crane - Portions created by the Initial Developer are Copyright (C) 2008-2024 + Portions created by the Initial Developer are Copyright (C) 2008-2025 the Initial Developer. All Rights Reserved. Contributor(s): 
@@ -72,18 +72,29 @@ } //delete the group from the menu item - if ($action == "delete" && permission_exists("menu_delete") && is_uuid($menu_item_group_uuid)) { - //delete the group from the users - $array['menu_item_groups'][0]['menu_item_group_uuid'] = $menu_item_group_uuid; - $database->app_name = 'menu'; - $database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7'; - $database->delete($array); - unset($array); + if (!empty($_POST["action"]) && $_POST["action"] === "delete" && permission_exists("menu_item_group_delete") && is_uuid($_POST["menu_item_group_uuid"])) { + //get the uuid + $menu_item_group_uuid = $_POST['menu_item_group_uuid']; + + //validate the token + $token = new token; + if (!$token->validate($_SERVER['PHP_SELF'])) { + message::add($text['message-invalid_token'],'negative'); + header('Location: menu.php'); + exit; + } + + //delete the group from the menu item + $array['menu_item_groups'][0]['menu_item_group_uuid'] = $menu_item_group_uuid; + $database->app_name = 'menu'; + $database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7'; + $database->delete($array); + unset($array); //redirect the browser - message::add($text['message-delete']); - header("Location: menu_item_edit.php?id=".urlencode($menu_uuid)."&menu_item_uuid=".urlencode($menu_item_uuid)."&menu_uuid=".urlencode($menu_uuid)); - return; + message::add($text['message-delete']); + header("Location: menu_item_edit.php?id=".urlencode($menu_uuid)."&menu_item_uuid=".urlencode($menu_item_uuid)."&menu_uuid=".urlencode($menu_uuid)); + return; } //action add or update 
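Review bot: The success path of the rewritten delete block still ends with `return;` while the token-failure path added just above it uses `exit;`; after a `header('Location: …')` a bare `return` only leaves the current file, so if this script is included by another the caller keeps running and may emit output after the redirect header. Using `exit;` on both paths, as the devices, dashboard and user_edit hunks do, makes the behaviour uniform. `$menu_uuid` and `$menu_item_uuid` used in the redirect are assigned outside this hunk, and the token-failure branch sends the user to `menu.php` rather than back to the edit page as the dashboard hunk does, which is a small inconsistency in the user flow.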
@@ -502,18 +513,25 @@ echo " "; if (!empty($menu_item_groups) && sizeof($menu_item_groups) != 0) { echo "\n"; + if (permission_exists('menu_item_group_delete')) { + echo " \n"; + echo " \n"; + } + $x = 0; foreach($menu_item_groups as $field) { if (!empty($field['group_name'])) { echo "\n"; echo " \n"; - if (permission_exists('group_member_delete') || if_group("superadmin")) { + if (permission_exists('menu_item_group_delete')) { echo " "; } echo "\n"; + $x++; } } echo "
"; echo $field['group_name'].((!empty($field['group_domain_uuid'])) ? "@".$_SESSION['domains'][$field['group_domain_uuid']]['domain_name'] : null); echo " "; - echo "".$v_link_label_delete.""; + echo button::create(['type'=>'button','icon'=>'fas fa-minus','id'=>'btn_delete','class'=>'default list_control_icon','name'=>'btn_delete','onclick'=>"modal_open('modal-delete-group-$x','btn_delete');"]); + echo modal::create(['id'=>'modal-delete-group-'.$x,'type'=>'delete','actions'=>button::create(['type'=>'button','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_delete','style'=>'float: right; margin-left: 15px;','collapse'=>'never','onclick'=>"modal_close(); list_action_set('delete'); document.getElementById('menu_item_group_uuid').value = '".escape($field['menu_item_group_uuid'])."'; list_form_submit('frm');"])]); echo "
\n"; diff --git a/core/users/user_edit.php b/core/users/user_edit.php index 4313dec3b7..5cc43ac196 100644 --- a/core/users/user_edit.php +++ b/core/users/user_edit.php @@ -81,23 +81,26 @@ } //delete the group from the user - if (!empty($_GET["a"]) && $_GET["a"] == "delete" && is_uuid($_GET["group_uuid"]) && is_uuid($user_uuid) && permission_exists("user_delete")) { - //set the variables - $group_uuid = $_GET["group_uuid"]; - //delete the group from the users + if (!empty($_POST["action"]) && $_POST["action"] === "delete" && permission_exists("user_group_delete") && is_uuid($_POST["group_uuid"]) && is_uuid($user_uuid)) { + //get the uuid + $group_uuid = $_POST['group_uuid']; + + //validate the token + $token = new token; + if (!$token->validate($_SERVER['PHP_SELF'])) { + message::add($text['message-invalid_token'],'negative'); + header("Location: users.php"); + exit; + } + + //delete the group from the user $array['user_groups'][0]['group_uuid'] = $group_uuid; $array['user_groups'][0]['user_uuid'] = $user_uuid; - - $p = permissions::new(); - $p->add('user_group_delete', 'temp'); - $database->delete($array); unset($array); - $p->delete('user_group_delete', 'temp'); - //redirect the user - message::add($text['message-update']); + message::add($text['message-delete']); header("Location: user_edit.php?id=".urlencode($user_uuid)); exit; } @@ -993,15 +996,21 @@ $user_groups = $database->select($sql, $parameters, 'all'); if (is_array($user_groups)) { echo "\n"; + if (permission_exists('user_group_delete')) { + echo " \n"; + echo " \n"; + } + $x = 0; foreach($user_groups as $field) { if (!empty($field['group_name'])) { echo "\n"; echo " \n"; - if (permission_exists('user_group_delete') || if_group("superadmin")) { + if (permission_exists('user_group_delete')) { echo " \n"; } echo "\n"; @@ -1009,6 +1018,7 @@ $assigned_groups[] = $field['group_uuid']; } } + $x++; } echo "
"; echo escape($field['group_name']).((!empty($field['group_domain_uuid'])) ? "@".$_SESSION['domains'][$field['group_domain_uuid']]['domain_name'] : null); echo " \n"; - echo " ".$v_link_label_delete."\n"; + echo button::create(['type'=>'button','icon'=>'fas fa-minus','id'=>'btn_delete','class'=>'default list_control_icon','name'=>'btn_delete','onclick'=>"modal_open('modal-delete-group-$x','btn_delete');"]); + echo modal::create(['id'=>'modal-delete-group-'.$x,'type'=>'delete','actions'=>button::create(['type'=>'button','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_delete','style'=>'float: right; margin-left: 15px;','collapse'=>'never','onclick'=>"modal_close(); list_action_set('delete'); document.getElementById('group_uuid').value = '".escape($field['group_uuid'])."'; list_form_submit('frm');"])]); echo "
\n"; }