[geeklog-cvs] geeklog: Fixed permissions when searching personal events.

[geeklog-cvs at lists.geeklog.net]

details:   http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/53deb21cc6b3
changeset: 7119:53deb21cc6b3
user:      Sami Barakat
date:      Sun Jun 14 15:29:08 2009 +0100
description:
Fixed permissions when searching personal events.

diffstat:

 plugins/calendar/functions.inc |  6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diffs (23 lines):

diff -r 3ccad374734d -r 53deb21cc6b3 plugins/calendar/functions.inc
--- a/plugins/calendar/functions.inc	Sat Jun 13 22:21:51 2009 +0200
+++ b/plugins/calendar/functions.inc	Sun Jun 14 15:29:08 2009 +0100
@@ -1605,7 +1605,7 @@
 */
 function plugin_dopluginsearch_calendar($query, $datestart, $dateend, $topic, $type, $author, $keyType, $page, $perpage)
 {
-    global $_TABLES, $LANG_CAL_1;
+    global $_TABLES, $_USER, $LANG_CAL_1;
 
     // Make sure the query is SQL safe
     $query = trim(addslashes($query));
@@ -1615,8 +1615,8 @@
     $sql_e .= "FROM {$_TABLES['events']} WHERE 1=1 ";
 
     $sql_p = "SELECT eid AS id, title, description, UNIX_TIMESTAMP(datestart) AS date, owner_id AS uid, ";
-    $sql_p .= "CONCAT('/calendar/event.php?eid=',eid) AS url ";
-    $sql_p .= "FROM {$_TABLES['personal_events']} WHERE 1=1 ";
+    $sql_p .= "CONCAT('/calendar/event.php?mode=personal&eid=',eid) AS url ";
+    $sql_p .= "FROM {$_TABLES['personal_events']} WHERE  (uid = {$_USER['uid']}) ";
 
     $sql = COM_getPermSQL('AND') . ' ';