if (! get_workorder_acl($todo["id"])) {
audit_db($config["id_user"],$config["REMOTE_ADDR"], "ACL Violation","Trying to access Downloads browser");
require ($general_error);
exit;
}
$data["filename"] = safe_output($data["filename"]);
$fileLocation = $config["homedir"]."/attachment/".$data["id_attachment"]."_".$data["filename"];
$last_name = $data["filename"];
break;
case "kb":
$data = get_db_row ("tattachment", "id_attachment", $id_attachment);
if (! check_kb_item_accessibility($config["id_user"], $id_attachment)) {
audit_db($config["id_user"],$config["REMOTE_ADDR"], "ACL Violation","Trying to access Downloads browser");
require ($general_error);
exit;
}
$data["filename"] = safe_output($data["filename"]);
$fileLocation = $config["homedir"]."/attachment/".$data["id_attachment"]."_".$data["filename"];
$last_name = $data["filename"];
break;
case "company":
$data = get_db_row ("tattachment", "id_attachment", $id_attachment);
$read_permission = check_crm_acl ('company', 'cr', $config['id_user'], $data["id_company"]);
// Get incident data
$incident = get_db_row_sql('SELECT titulo, descripcion, epilog FROM tincidencia WHERE id_incidencia = ' . $id_incident);
if ($incident !== false) {
$title = $incident['titulo'];
$data = $incident['descripcion'] . "\n\n" . $incident['epilog'];
}
}
} else {
$id = get_parameter("update", -1);
$row = get_db_row("tkb_data", "id", $id);
$data = $row["data"];
$title = $row["title"];
$id_product = $row["id_product"];
$id_language = $row["id_language"];
$id_category = $row["id_category"];
if ($id != -1 && !check_kb_item_accessibility($id_user, $id)) {
audit_db($id_user, $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to KB forbidden item");
require "general/noaccess.php";
exit;
}
}
echo "<h2>" . __('KB Data management') . "</h2>";
if ($id == -1) {
echo "<h3>" . __('Create a new KB item') . "</a></h3>";
echo "<form id='form-kb_item' name=prodman method='post' action='index.php?sec=kb&sec2=operation/kb/manage_data&create2'>";
} else {
echo "<h3>" . __('Update existing KB item') . "</a></h3>";
echo "<form id='form-kb_item' enctype='multipart/form-data' name=prodman2 method='post' action='index.php?sec=kb&sec2=operation/kb/manage_data&update2'>";
echo "<input id='id_kb_item' type=hidden name=id value='{$id}'>";
}
echo '<table width="90%" class="databox">';
check_login();
if (!give_acl($config["id_user"], 0, "KR")) {
audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access KB Browser");
require "general/noaccess.php";
exit;
}
// Review form
if (!isset($_GET["view"])) {
return;
}
$edit_perm = false;
if (give_acl($config["id_user"], 0, "KW")) {
$edit_perm = true;
}
$id = (int) get_parameter('view');
if ($id && !check_kb_item_accessibility($config["id_user"], $id)) {
audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to KB forbidden item");
require "general/noaccess.php";
exit;
}
$kb_data = get_db_row("tkb_data", "id", $id);
$data = $kb_data["data"];
$title = $kb_data["title"];
$timestamp = $kb_data["timestamp"];
$id_language = $kb_data["id_language"];
$product = '';
if ($kb_data["id_product"]) {
$product = get_db_value('name', 'tkb_product', 'id', $kb_data['id_product']);
}
$category = '';
if ($kb_data["id_category"]) {
