[geeklog-cvs] geeklog-1.3/public_html lib-common.php,1.237,1.238

geeklog-cvs-admin at lists.geeklog.net geeklog-cvs-admin at lists.geeklog.net
Sun Jul 6 05:37:27 EDT 2003


Update of /usr/cvs/geeklog/geeklog-1.3/public_html
In directory internal.geeklog.net:/tmp/cvs-serv12413

Modified Files:
	lib-common.php 
Log Message:
Check for proper topic access when displaying the number of stories the user has access to in the Admin menu.


Index: lib-common.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/lib-common.php,v
retrieving revision 1.237
retrieving revision 1.238
diff -C2 -d -r1.237 -r1.238
*** lib-common.php	5 Jul 2003 10:09:36 -0000	1.237
--- lib-common.php	6 Jul 2003 09:37:25 -0000	1.238
***************
*** 2269,2272 ****
--- 2269,2293 ----
                             COM_getBlockTemplate( 'admin_block', 'header' ));
  
+         $topicsql = '';
+         if( SEC_isModerator() || SEC_hasrights( 'story.edit' ))
+         {
+             $tresult = DB_query( "SELECT tid FROM {$_TABLES['topics']}"
+                                  . COM_getPermSQL() );
+             $trows = DB_numRows( $tresult );
+             if( $trows > 0 )
+             {
+                 $tids = array();
+                 for( $i = 0; $i < $trows; $i++ )
+                 {
+                     $T = DB_fetchArray( $tresult );
+                     $tids[] = $T['tid'];
+                 }
+                 if( sizeof( $tids ) > 0 )
+                 {
+                     $topicsql = " (tid IN ('" . implode( "','", $tids ) . "'))";
+                 }
+             }
+         }
+ 
          if( SEC_isModerator() )
          {
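Review bot: When the topics query returns no rows, `$topicsql` stays empty, and the later hunks treat an empty `$topicsql` as "no restriction": the draft count gets no topic filter and the story count falls back to `DB_count( $_TABLES['stories'] )`. A user with access to no topics would therefore still see the unrestricted number. An `else` branch on `if( $trows > 0 )` that sets `$topicsql = ' (1 = 0)';` would keep "no topics accessible" distinct from "no filter needed". The `tid` values are also concatenated into the IN list unescaped; they come from the database, but passing each through `addslashes()` before `implode()` stops a topic id containing a quote from changing the query. The enclosing function starts and ends outside this hunk.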
***************
*** 2279,2283 ****
                  if( $_CONF['listdraftstories'] == 1 )
                  {
!                     $result = DB_query( "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (draft_flag = 1)" . COM_getPermSQL( 'AND', 0, 3 ));
                      $A = DB_fetchArray( $result );
                      $num += $A['count'];
--- 2300,2309 ----
                  if( $_CONF['listdraftstories'] == 1 )
                  {
!                     $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (draft_flag = 1)";
!                     if( !empty( $topicsql ))
!                     {
!                         $sql .= ' AND' . $topicsql;
!                     }
!                     $result = DB_query( $sql . COM_getPermSQL( 'AND', 0, 3 ));
                      $A = DB_fetchArray( $result );
                      $num += $A['count'];
***************
*** 2322,2326 ****
              $adminmenu->set_var( 'option_url', $url );
              $adminmenu->set_var( 'option_label', $LANG01[11] );
!             $adminmenu->set_var( 'option_count', DB_count( $_TABLES['stories'] ));
              $retval .= $adminmenu->parse( 'item',
                      ( $thisUrl == $url ) ? 'current' : 'option' );
--- 2348,2362 ----
              $adminmenu->set_var( 'option_url', $url );
              $adminmenu->set_var( 'option_label', $LANG01[11] );
!             if( empty( $topicsql ))
!             {
!                 $numstories = DB_count( $_TABLES['stories'] );
!             }
!             else
!             {
!                 $nresult = DB_query( "SELECT COUNT(*) AS count from {$_TABLES['stories']} WHERE" . $topicsql );
!                 $N = DB_fetchArray( $nresult );
!                 $numstories = $N['count'];
!             }
!             $adminmenu->set_var( 'option_count', $numstories );
              $retval .= $adminmenu->parse( 'item',
                      ( $thisUrl == $url ) ? 'current' : 'option' );
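Review bot: The new story count in the `else` branch is restricted by topic only, whereas the draft-story count in the previous hunk also appends `COM_getPermSQL( 'AND', 0, 3 )` for the stories' own permissions. The menu number can therefore still include stories in an accessible topic that the user has no rights on. If the story list behind this menu entry filters on story-level permissions (not visible here), the count should use the same filter, e.g. `"... WHERE" . $topicsql . COM_getPermSQL( 'AND', 0, 3 )`. The surrounding block starts and ends outside the hunk.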




