[geeklog-cvs] geeklog: Fixed (mostly) blank page when calling up a non-existin...

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Thu May 21 16:02:12 EDT 2009


details:   http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/3bbdba8ccdb4
changeset: 7048:3bbdba8ccdb4
user:      Dirk Haun <dirk at haun-online.de>
date:      Thu May 21 22:02:01 2009 +0200
description:
Fixed (mostly) blank page when calling up a non-existing poll ID (reported by scarecrow); also fixed being able to find out a poll's title when you didn't have access to the poll

diffstat:

 public_html/docs/history    |   7 +++++++
 public_html/polls/index.php |  49 ++++++++++++++++++++++++++++---------------------
 2 files changed, 35 insertions(+), 21 deletions(-)

diffs (77 lines):

diff -r 8d6120c198aa -r 3bbdba8ccdb4 public_html/docs/history
--- a/public_html/docs/history	Thu May 21 21:27:11 2009 +0200
+++ b/public_html/docs/history	Thu May 21 22:02:01 2009 +0200
@@ -33,6 +33,13 @@
 - Added a verbose logging option to the search class and make it default to off
   [Dirk]
 
+Polls plugin
+------------
+- If you knew a poll's ID, you could find out the poll's title even if you did
+  not have access to the poll [Dirk]
+- Fixed (mostly) blank page when calling up a non-existing poll ID (reported
+  by scarecrow) [Dirk]
+
 Static Pages plugin
 -------------------
 - Fixed handling of "entire page" centerblocks in a multi-language environment:
diff -r 8d6120c198aa -r 3bbdba8ccdb4 public_html/polls/index.php
--- a/public_html/polls/index.php	Thu May 21 21:27:11 2009 +0200
+++ b/public_html/polls/index.php	Thu May 21 22:02:01 2009 +0200
@@ -169,28 +169,35 @@
                $_CONF['cookiesecure']);
     $display .= COM_siteHeader() . POLLS_pollsave($pid, $aid);
 } elseif (! empty($pid)) {
-    $topic = DB_getItem ($_TABLES['polltopics'], 'topic', "pid = '{$pid}'");
-    $display .= COM_siteHeader('menu', $topic);
-    if ($msg > 0) {
-        $display .= COM_showMessage($msg, 'polls');
-    }
-    if (isset($_POST['aid'])) {
-        $display .= COM_startBlock (
-                $LANG_POLLS['not_saved'], '',
-                COM_getBlockTemplate ('_msg_block', 'header'))
-            . $LANG_POLLS['answer_all'] . ' "' . $topic . '"'
-            . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
-    }
-    if (DB_getItem($_TABLES['polltopics'], 'is_open', "pid = '$pid'") != 1) {
-        $aid = -1; // poll closed - show result
-    }
-    if (!isset ($_COOKIE['poll-'.$pid])
-        && !POLLS_ipAlreadyVoted ($pid)
-        && $aid != -1
-        ) {
-        $display .= POLLS_pollVote ($pid);
+    $topic = DB_getItem($_TABLES['polltopics'], 'topic',
+                        "pid = '{$pid}'" . COM_getPermSQL('AND'));
+    if (empty($topic)) {
+        // poll doesn't exist or user doesn't have access
+        $display .= COM_siteHeader('menu', $LANG_POLLS['pollstitle'])
+                 . COM_showMessageText(sprintf($LANG25[12], $pid));
     } else {
-        $display .= POLLS_pollResults ($pid, 400, $order, $mode);
+        $display .= COM_siteHeader('menu', $topic);
+        if ($msg > 0) {
+            $display .= COM_showMessage($msg, 'polls');
+        }
+        if (isset($_POST['aid'])) {
+            $display .= COM_startBlock (
+                    $LANG_POLLS['not_saved'], '',
+                    COM_getBlockTemplate ('_msg_block', 'header'))
+                . $LANG_POLLS['answer_all'] . ' "' . $topic . '"'
+                . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
+        }
+        if (DB_getItem($_TABLES['polltopics'], 'is_open', "pid = '$pid'") != 1) {
+            $aid = -1; // poll closed - show result
+        }
+        if (!isset ($_COOKIE['poll-'.$pid])
+            && !POLLS_ipAlreadyVoted ($pid)
+            && $aid != -1
+            ) {
+            $display .= POLLS_pollVote ($pid);
+        } else {
+            $display .= POLLS_pollResults ($pid, 400, $order, $mode);
+        }
     }
 } else {
     $poll_topic = DB_query ("SELECT topic FROM {$_TABLES['polltopics']} WHERE pid='$pid'" . COM_getPermSql ('AND'));
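Review bot: The new not-found branch puts `$pid` into the page with `COM_showMessageText(sprintf($LANG25[12], $pid))`, and nothing in the hunk shows that value being HTML-escaped. The commit description says the ID is whatever the visitor called up, so unless the filtering above this hunk or COM_showMessageText itself already encodes it, I would write `. COM_showMessageText(sprintf($LANG25[12], htmlspecialchars($pid)));`. The same value is interpolated into `"pid = '{$pid}'"` for the permission-checked lookup, so that upstream filtering also has to guarantee it cannot break out of the quoted SQL literal; a short comment at the lookup naming where `$pid` is sanitised would help. Separately, `empty($topic)` treats a poll whose title is the string `0` as missing, so a check against whatever DB_getItem returns for no row would be stricter. The if/elseif chain begins above the hunk, so how `$pid` is assigned is not visible here.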


