[geeklog-cvs] geeklog-1.3/public_html/admin event.php,1.49,1.50 story.php,1.131,1.132

Sat Sep 4 15:34:37 EDT 2004

Update of /var/cvs/geeklog-1.3/public_html/admin
In directory www:/tmp/cvs-serv6070

Modified Files:
	event.php story.php 
Log Message:
Fixed bug #269: Don't list items if the Admin doesn't have read access for them.


Index: story.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/admin/story.php,v
retrieving revision 1.131
retrieving revision 1.132
diff -C2 -d -r1.131 -r1.132
*** story.php	2 Sep 2004 18:38:40 -0000	1.131
--- story.php	4 Sep 2004 19:34:33 -0000	1.132
***************
*** 577,606 ****
  
      $limit = (50 * $page) - 50;
!     $result = DB_query("SELECT *,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} " . $excludetopics . "ORDER BY date DESC LIMIT $limit,50");
      $nrows = DB_numRows($result);
      if ($nrows > 0) {
          for ($i = 1; $i <= $nrows; $i++) {
!             $scount = (50 * $page) - 50 + $i;
!             $A = DB_fetchArray($result);
!             $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']);
!             if ($access > 0) {
!                 if ($access == 3) {
!                     if (SEC_hasTopicAccess ($A['tid']) == 3) {
!                         $access = $LANG_ACCESS['edit'];
!                     } else {
!                         $access = $LANG_ACCESS['readonly'];
!                     }
                  } else {
                      $access = $LANG_ACCESS['readonly'];
                  }
              } else {
!                 $access = $LANG_ACCESS['none'];
              }
!             $curtime = COM_getUserDateTimeFormat($A['unixdate']);
!             $story_templates->set_var('story_id', $A['sid']);
              $story_templates->set_var ('article_url',
                      COM_buildUrl ($_CONF['site_url'] . '/article.php?story='
                                    . $A['sid']));
!             $story_templates->set_var('row_num', $scount);
              $A['title'] = str_replace('$', '$', $A['title']);
              $story_templates->set_var('story_title', stripslashes($A['title']));
--- 577,604 ----
  
      $limit = (50 * $page) - 50;
!     $result = DB_query("SELECT *,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} " . $excludetopics . COM_getPermSQL ('AND') . "ORDER BY date DESC LIMIT $limit,50");
      $nrows = DB_numRows($result);
      if ($nrows > 0) {
          for ($i = 1; $i <= $nrows; $i++) {
!             $A = DB_fetchArray ($result);
!             $access = SEC_hasAccess ($A['owner_id'], $A['group_id'],
!                                      $A['perm_owner'], $A['perm_group'],
!                                      $A['perm_members'], $A['perm_anon']);
!             if ($access == 3) {
!                 if (SEC_hasTopicAccess ($A['tid']) == 3) {
!                     $access = $LANG_ACCESS['edit'];
                  } else {
                      $access = $LANG_ACCESS['readonly'];
                  }
              } else {
!                 $access = $LANG_ACCESS['readonly'];
              }
!             $scount = (50 * $page) - 50 + $i;
!             $curtime = COM_getUserDateTimeFormat ($A['unixdate']);
!             $story_templates->set_var ('story_id', $A['sid']);
              $story_templates->set_var ('article_url',
                      COM_buildUrl ($_CONF['site_url'] . '/article.php?story='
                                    . $A['sid']));
!             $story_templates->set_var ('row_num', $scount);
              $A['title'] = str_replace('$', '$', $A['title']);
              $story_templates->set_var('story_title', stripslashes($A['title']));

Index: event.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/admin/event.php,v
retrieving revision 1.49
retrieving revision 1.50
diff -C2 -d -r1.49 -r1.50
*** event.php	4 Aug 2004 18:44:24 -0000	1.49
--- event.php	4 Sep 2004 19:34:33 -0000	1.50
***************
*** 517,535 ****
  
      $limit = (EVENTS_PER_PAGE * ($page - 1));
!     $result = DB_query("SELECT * FROM {$_TABLES['events']} ORDER BY datestart DESC LIMIT $limit," . EVENTS_PER_PAGE);
!     $nrows = DB_numRows($result);
      for ($i = 0; $i < $nrows; $i++) {
!         $ecount = (EVENTS_PER_PAGE * ($page - 1)) + $i + 1;
!         $A = DB_fetchArray($result);
!         $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']);
!         if ($access > 0) {
!             if ($access == 3) {
!                 $access = $LANG_ACCESS['edit'];
!             } else {
!                 $access = $LANG_ACCESS['readonly'];
!             }
          } else {
!                 $access = $LANG_ACCESS['none'];
          }
          $event_templates->set_var('event_id', $A['eid']);
          $event_templates->set_var('event_title', stripslashes ($A['title']));
--- 517,533 ----
  
      $limit = (EVENTS_PER_PAGE * ($page - 1));
!     $result = DB_query ("SELECT * FROM {$_TABLES['events']}" . COM_getPermSQL () . " ORDER BY datestart DESC LIMIT $limit," . EVENTS_PER_PAGE);
!     $nrows = DB_numRows ($result);
      for ($i = 0; $i < $nrows; $i++) {
!         $A = DB_fetchArray ($result);
!         $access = SEC_hasAccess ($A['owner_id'], $A['group_id'],
!                                  $A['perm_owner'], $A['perm_group'],
!                                  $A['perm_members'], $A['perm_anon']);
!         if ($access == 3) {
!             $access = $LANG_ACCESS['edit'];
          } else {
!             $access = $LANG_ACCESS['readonly'];
          }
+         $ecount = (EVENTS_PER_PAGE * ($page - 1)) + $i + 1;
          $event_templates->set_var('event_id', $A['eid']);
          $event_templates->set_var('event_title', stripslashes ($A['title']));