[ic] I found another permissions bug in the UI...

Stefan Hornburg Racke interchange-users@interchange.redhat.com
Thu May 23 17:07:01 2002 

--=-=-=

Michael Goldfarb <mikeg@contactdesigns.com> writes:

> 4.8.5
> 7.2
> 
> Hello,
> 
> I followed the instructions posted by John and Stefan above (on May 16) with
> the same subject line.

I posted no instructions, but stated that I fixed the problem in CVS.
Attached are the fixed UI pages. Please try if your problem goes away,
if you use these pages.

Ciao
        Racke

-- 
Free resources for Interchange programming NOW !!! 
Don't hesitate to contact me if you need my professional help.
Your core developer and consultant for the most sophisticated,
flexible and extensible Open Source eCommerce software.

--=-=-=
Content-Type: text/html
Content-Disposition: attachment; filename=orderstats.html

@_UI_STD_INIT_@[if-mm !advanced orderstats]
[set ui_error]
[L]Not authorized for order statistics.[/L]
[/set]
[bounce page="__UI_BASE__/error"]
[value name=saved_report set=""]
[/if-mm]
[set ui_class]Reports[/set]
[set page_title][L]Order Statistics[/L][/set]
[set icon_name]icon_stats.gif[/set]
[set help_name]stats.order[/set]
@_UI_STD_HEAD_@

<table border=0 __UI_T_PROPERTIES__>
<tr bgcolor="#000000" height=1><td colspan=2></td></tr>
<tr>
<td colspan=2 bgcolor=__UI_C_TOPBLOCKBAR__><FONT COLOR="__UI_C_TITLEBARTXT__"><B>[L]View stats for this month only[/L]</B></FONT></td>
</tr>
<tr bgcolor="#000000" height=1><td colspan=2></td></tr>
<tr bgcolor="#FFFFFF" height=2><td colspan=2></td></tr>
<tr>
<td bgcolor="__UI_C_INTBLOCK__" colspan=2>

<BLOCKQUOTE>
<A HREF="[area __UI_BASE__/reports/order/ByAffiliate]">[L]Overall by month[/L]</A><BR>
<A HREF="[area __UI_BASE__/reports/order/Monthly]">[L]By day for this month[/L]</A><BR>
<A HREF="[area __UI_BASE__/reports/order/Detail]">[L]Individual orders this month[/L]</A><BR>
</BLOCKQUOTE>

</td>
</tr>
<tr bgcolor="#ffffff" height=25><td colspan=2>&nbsp;</td></tr>

<tr>
<td colspan=2 bgcolor=__UI_C_TOPBLOCKBAR__><FONT COLOR="__UI_C_TITLEBARTXT__"><B>[L]View stats for any period of time[/L]</B></FONT></td>
</tr>
<tr bgcolor="#000000" height=1><td colspan=2></td></tr>
<tr bgcolor="#FFFFFF" height=2><td colspan=2></td></tr>

<FORM ACTION="[process]">
<INPUT TYPE=hidden NAME=mv_session_id VALUE="[data session id]">
<INPUT TYPE=hidden NAME=mv_todo VALUE=return>
<INPUT TYPE=hidden NAME=mv_nextpage VALUE="__UI_BASE__/reports/order/ByAffiliate">
<TR>
<TD bgcolor="__UI_C_INTBLOCK__">
<BLOCKQUOTE>[L]Beginning:[/L]<BR>
	[widget type=date name=ui_begin_date]
</BLOCKQUOTE>
</TD>
<TD bgcolor="__UI_C_INTBLOCK__">
<BLOCKQUOTE>[L]Ending:[/L]<BR>
	[widget type=date name=ui_end_date]
</BLOCKQUOTE>
</TD>
<TR>
<TD COLSPAN=2 bgcolor="__UI_C_INTBLOCK__">
	[set [L]List individual orders[/L]]
	mv_nextpage=__UI_BASE__/reports/order/Detail
	[/set]
	[set [L]By day[/L]]
	mv_nextpage=__UI_BASE__/reports/order/Monthly
	[/set]
	<BLOCKQUOTE>
	<INPUT TYPE=submit VALUE="[L]By month[/L]">&nbsp;&nbsp;&nbsp;&nbsp;<INPUT TYPE=submit NAME=mv_click VALUE="[L]By day[/L]">&nbsp;&nbsp;&nbsp;&nbsp;<INPUT TYPE=submit NAME=mv_click VALUE="[L]List individual orders[/L]">
	</BLOCKQUOTE>
</TD>
</TR>
<tr bgcolor="#000000" height=1><td colspan=2></td></tr>
</TABLE>
</FORM>
</td>
</tr>

</table>

@_UI_STD_FOOTER_@

--=-=-=
Content-Type: text/html
Content-Disposition: attachment; filename=trafficstats.html

@_UI_STD_INIT_@[if-mm !advanced trafficstats]
[set ui_error]
[L]Not authorized for traffic statistics.[/L]
[/set]
[bounce page="__UI_BASE__/error"]
[value name=saved_report set=""]
[/if-mm]
[set page_title][L]Traffic Statistics[/L][/set]
[set ui_class]Reports[/set]
[set icon_name]icon_stats.gif[/set]
[set help_name]stats.traffic[/set]
@_UI_STD_HEAD_@

<table border=0 __UI_T_PROPERTIES__>
<tr bgcolor="#000000" height=1><td colspan=2></td></tr>
<tr>
<td colspan=2 bgcolor=__UI_C_TOPBLOCKBAR__><FONT COLOR="__UI_C_TITLEBARTXT__">[L]View stats for this month only[/L]</FONT></td>
</tr>
<tr bgcolor="#000000" height=1><td colspan=8></td></tr>
<tr bgcolor="#FFFFFF" height=2><td colspan=8></td></tr>
<tr>
<td bgcolor="__UI_C_INTBLOCK__" colspan=2>

<A HREF="[area href=__UI_BASE__/reports/traffic/ByAffiliate]">[L]Overall by month[/L]</A><BR>
<A HREF="[area href=__UI_BASE__/reports/traffic/ByAffiliate
				form="
						ui_by_day=1
						ui_begin_date=[tag time]%Y%m[/tag]
				"]">[L]By day for this month[/L]</A><BR>

</td>
</tr>
<tr bgcolor="#000000" height=1><td colspan=8></td></tr>

</table>
<br>
<table border=0 __UI_T_PROPERTIES__>
<tr bgcolor="#000000" height=1><td colspan=8></td></tr>
<tr>
<td colspan=3 bgcolor=__UI_C_TOPBLOCKBAR__><FONT COLOR="__UI_C_TITLEBARTXT__">[L]View stats for any period of time[/L]</FONT></td>
</tr>
<tr bgcolor="#000000" height=1><td colspan=8></td></tr>
<tr bgcolor="#FFFFFF" height=2><td colspan=8></td></tr>

<FORM ACTION="[process]">
<INPUT TYPE=hidden NAME=mv_session_id VALUE="[data session id]">
<INPUT TYPE=hidden NAME=mv_todo VALUE=return>
<INPUT TYPE=hidden NAME=mv_nextpage VALUE="__UI_BASE__/reports/traffic/ByAffiliate">

<TR>
<TD bgcolor="__UI_C_INTBLOCK__">

[L]Beginning:[/L]<BR>
	[widget type=date name=ui_begin_date]

</TD>
<TD bgcolor="__UI_C_INTBLOCK__">

[L]Ending:[/L]<BR>
	[widget type=date name=ui_end_date]

</TD>
[if-mm advanced affiliate=l]
<TD bgcolor="__UI_C_INTBLOCK__">

[L]For affiliate:[/L]<BR>
	<SELECT NAME=affiliate>
		<OPTION VALUE=""> --[L]all[/L]--
		[loop search="
			fi=affiliate
			st=db
			ra=yes
			ml=1000
			tf=name
			rf=affiliate,name
		"]<OPTION VALUE="[loop-code]">[loop-pos 1]
		[/loop]
	</SELECT>

</TD>
</TR>
<TR>
<TD COLSPAN=3 bgcolor="__UI_C_INTBLOCK__">
[else]
</TR>
<TR>
<TD COLSPAN=3 bgcolor="__UI_C_INTBLOCK__">
[/else]
[/if-mm]
	[set [L]By day[/L]]
	ui_by_day=1
	[/set]
	<BLOCKQUOTE>
	<INPUT TYPE=submit VALUE="[L]By month[/L]">&nbsp;&nbsp;&nbsp;&nbsp;<INPUT TYPE=submit NAME=mv_click VALUE="[L]By day[/L]">
	</BLOCKQUOTE>
</TD>
</TR>
<tr bgcolor="#000000" height=1><td colspan=8></td></tr>
</TABLE>
</FORM>
</td>
</tr>

</tr>
</table>

@_UI_STD_FOOTER_@

--=-=-=--