| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
When invoked through invokeServices('content_verify_access'), $pHash is null,
so in_array always fails and protected content blocks everyone. Derive roles
from $gBitUser when $pHash is not supplied, matching protector_content_load.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
|
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
|
For anonymous users getRoles() returns an empty array, producing IN()
with no values — invalid Firebird SQL (-104 Token unknown).
Apply the standard guard so anonymous requests get IN(-1) instead,
matching the anonymous role_id. Affects both protector_content_list()
and protector_content_load().
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
|
Replace all {booticon iname="icon-*"} and {booticon iname="fa-*"} calls with
{biticon ipackage="icons" iname="<freedesktop-name>"} using the tango iconset.
Mapping covers ~70 distinct old names to tango equivalents (edit-delete,
document-properties, go-next, lock, internet-mail, etc.).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
|
- storeProtection: check isset(role_id) and valid content_id rather than
verifyId(role_id) — role_id=-1 (System Default) now correctly DELETEs
any existing role restriction instead of being skipped entirely
- getProtectionList: remove garbled dead initialiser, use verifyId() guard
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
|
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
|
|
|
|
|
|
|
|
|
on nginx (tested) or X-Sendfile on apache (untested). Originally to secure private content, but complicated by the need to hide thumbnails as well, which are now sorted by auth_request on nginx, but need looking at on apache.
|
|
|
|
field to allow search of pdf documents
|
|
templates and related to mistake in processing {2} elements that should use curly brackets and not revert to square ones.
|
|
|
|
arry format tidy
|
|
|
|
|
