[geeklog-cvs] geeklog-1.3/public_html comment.php,1.54.2.1,1.54.2.2 index.php,1.56,1.56.2.1

dhaun at iowaoutdoors.org dhaun at iowaoutdoors.org
Mon May 31 06:51:19 EDT 2004 

Update of /var/cvs/geeklog-1.3/public_html
In directory www:/tmp/cvs-serv13750

Modified Files:
      Tag: geeklog_1_3_9_1
	comment.php index.php 
Log Message:
Use COM_getTopicSQL() for proper check of topic permissions.


Index: comment.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/comment.php,v
retrieving revision 1.54.2.1
retrieving revision 1.54.2.2
diff -C2 -d -r1.54.2.1 -r1.54.2.2
*** comment.php	31 May 2004 10:47:51 -0000	1.54.2.1
--- comment.php	31 May 2004 10:51:17 -0000	1.54.2.2
***************
*** 429,433 ****
          $allowed = 1;
          if ($type == 'article') {
!             $result = DB_query ("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (sid = '$sid') AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL ('AND'));
              $A = DB_fetchArray ($result);
              $allowed = $A['count'];
--- 429,433 ----
          $allowed = 1;
          if ($type == 'article') {
!             $result = DB_query ("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (sid = '$sid') AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL ('AND') . COM_getTopicSQL ('AND'));
              $A = DB_fetchArray ($result);
              $allowed = $A['count'];

Index: index.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/index.php,v
retrieving revision 1.56
retrieving revision 1.56.2.1
diff -C2 -d -r1.56 -r1.56.2.1
*** index.php	28 Feb 2004 16:57:47 -0000	1.56
--- index.php	31 May 2004 10:51:17 -0000	1.56.2.1
***************
*** 151,166 ****
  }
  
! $tresult = DB_query ("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL());
! $trows = DB_numRows ($tresult);
! if ($trows > 0) {
!     $tids = array ();
!     for ($i = 0; $i < $trows; $i++) {
!         $T = DB_fetchArray ($tresult);
!         $tids[] = $T['tid'];
!     }
!     if (sizeof ($tids) > 0) {
!         $sql .= "AND (tid IN ('" . implode ("','", $tids) . "')) ";
!     }
! }
  
  if ($newstories) {
--- 151,155 ----
  }
  
! $sql .= COM_getTopicSQL ('AND') . ' ';
  
  if ($newstories) {

More information about the geeklog-cvs mailing list