There is a BUG in the publishing page of PHPCMS. Even if the editor does not have permission to access a certain column, he can still select the column in the column drop-down menu on the publishing page and publish articles to this column. Down. How to fix this BUG? Let's first take a look at how the drop-down menu of the publishing page is generated.
The template file for publishing the page is in /admin/templates/content_add.tpl.php, and its form is output through the following statement:
if(is_array($forminfos['base']))
{
foreach($forminfos['base'] as $field=>$info)
{
}
}
The clue is found, it is the $forminfos array. This array is generated in the file /admin/content.inc.php. Let’s take a look at the generated code:
$data['catid'] = $catid; $data['template'] = isset($template_show) ? $template_show :$MODEL[$modelid]['template_show']; require CACHE_MODEL_PATH.'content_form.class.php'; $content_form = new content_form($modelid); $forminfos = $content_form->get($data);
Printing out the array $forminfos you can find that the code of the drop-down menu is saved in $forminfos['base']['catid']['form']:
<select name="info[catid]" id="catid"><option value="96" >扶贫动态</option><option value="95" >通知公告</option><option value="35" >最新动态</option><option value="36" selected>新闻</option><option value="37" >爱心捐助</option><option value="83" >捐助纪实</option><option value="38" >爱心回馈</option><option value="40" >捐款名单</option><option value="41" >紧急求助</option><option value="73" >帮助中心</option><option value="74" >友情连接</option><option value="43" >对口地区</option><option value="44" >新闻动态</option><option value="45" >援建项目</option><option value="47" >爱心捐助</option><option value="48" >情系三峡</option><option value="50" >新闻专区</option><option value="51" >爱心捐助</option><option value="52" >政策动态</option><option value="53" >结对帮扶</option><option value="54" >援建项目</option><option value="56" >扶贫现状</option><option value="57" >扶助对象</option><option value="58" >新闻动态</option><option value="59" >爱心捐助</option><option value="60" >扶贫项目</option><option value="62" >基金简介</option><option value="64" >募捐情况</option><option value="65" >基金用途</option><option value="66" >账户情况</option><option value="67" >新闻动态</option><option value="68" >义工</option><option value="69" >政策法规</option><option value="87" >顶新闻栏</option><option value="88" >顶新闻栏</option><option value="89" >顶新闻栏</option><option value="98" >顶新闻栏</option><option value="99" >顶新闻栏</option></select><input type="hidden" name="old_catid" value="36"> <a href=\'\' class="jqModal" onclick="$(\'.jqmWindow\').show();"/> [同时发布到其他栏目]</a>
I still speculated. I just need to extract the regular numbers inside, verify the permissions, unset those without permissions, and combine the rest together to regenerate $forminfos['base']['catid'][ 'form'] will do:
$data['catid'] = $catid;
$data['template'] = isset($template_show) ? $template_show :$MODEL[$modelid]['template_show'];
require CACHE_MODEL_PATH.'content_form.class.php';
$content_form = new content_form($modelid);
$forminfos = $content_form->get($data);
// 判断权限
preg_match_all("//", $forminfos['base']['catid']['form'], $matches['str']);
preg_match_all("/[1-9]\d/", $forminfos['base']['catid']['form'], $matches['num']);
foreach($matches['num'][0] as $key=>$value)
{
$allow_manage = $priv_role->check('catid', $matches['num'][0][$key], 'manage');
if(!$allow_manage)
{
unset($matches['num'][0][$key]);
unset($matches['str'][0][$key]);
}
}
foreach($matches['str'][0] as $key=>$value)
{
$opstr .= $matches['str'][0][$key];
}
$forminfos['base']['catid']['form'] = preg_replace('//', $opstr, $forminfos['base']['catid']['form']);
It is highly speculative and is for reference only.
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
