--- docman.php 2002/07/29 12:34:18 1.29
+++ docman.php 2002/07/29 12:53:50 1.30
@@ -1008,6 +1008,9 @@
$file=basename($target);
$note=fopen("$dir/.note/$file","w");
+ if (! $note) {
+ Error("Error writing note","Can't open note file $dir/.note/$file for writing",1);
+ }
fputs($note,"$msg\n");
fclose($note);
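Review bot: The new `if (! $note)` guard only protects the `fputs`/`fclose` calls below it if `Error(..., 1)` never returns, which this hunk does not show; confirm that the third argument makes it terminate, or add `return;` after the `Error(...)` call so a failed `fopen` cannot reach `fputs($note, ...)`. The message also interpolates the server-side path `$dir/.note/$file`; if `Error()` renders its second argument to the browser, that exposes filesystem layout, so consider showing only `$file` to the user and keeping the full path for the log. The return value of `fputs` is still unchecked, so a short or failed write goes unnoticed. The enclosing function starts and ends outside the hunk.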
@@ -1925,9 +1928,13 @@
safe_rename($fsDir,$FN,$NEWNAME);
break ;
- case "NOTE" :
- $NOTE=stripSlashes($HTTP_POST_VARS["NOTE"]);
- WriteNote("$fsDir/$FN","$NOTE");
+ case "NOTE" :
+ if (! HTTP_POST_VAR("NOTE"))
+ Error("Can't add note to object","Can't find var \$NOTE",1);
+ if (! check_perm("$relDir/$FN", trperm_w))
+ Error("Access denied","User $gblLogin tried to add note to $relDir/$FN without valid trustee.",1);
+
+ WriteNote("$fsDir/$FN",$NOTE);
break ;
case "UNLOCK" :
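Review bot: `$NOTE` is passed to `WriteNote` at the end of the `NOTE` case but is no longer assigned anywhere in the hunk; the removed line took it from `$HTTP_POST_VARS["NOTE"]` through `stripSlashes`, while the new code only tests `HTTP_POST_VAR("NOTE")` and discards the result. Unless that helper sets the global itself (not visible here), the value written depends on register_globals and may then come from a query string or cookie rather than the POST field that was checked; assigning it explicitly, e.g. `$NOTE=HTTP_POST_VAR("NOTE");` before the test, ties the check to the value used, assuming the helper returns the field. Both new guards are brace-less `if` statements that fall through to `WriteNote` if `Error(..., 1)` returns, so the `check_perm` denial fails open unless `Error` terminates; braces with a `break;` after each `Error(...)` call would make the deny path explicit. The truthiness test also rejects a note of `"0"` and prevents saving an empty note. The enclosing `switch` starts and ends outside the hunk.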
@@ -1945,7 +1952,7 @@
header("Location: ".$tstr) ;
exit ;
}
-
+
// check for mode.. navigate, code display, upload, or detail?
// $A=U : upload to path given in $D
// $A=E : display detail of file $D/$F and edit