[geeklog-cvs] geeklog: Fixed permissions when searching personal events.
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Sun Jun 14 10:30:32 EDT 2009
details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/53deb21cc6b3
changeset: 7119:53deb21cc6b3
user: Sami Barakat
date: Sun Jun 14 15:29:08 2009 +0100
description:
Fixed permissions when searching personal events.
diffstat:
plugins/calendar/functions.inc | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diffs (23 lines):
diff -r 3ccad374734d -r 53deb21cc6b3 plugins/calendar/functions.inc
--- a/plugins/calendar/functions.inc Sat Jun 13 22:21:51 2009 +0200
+++ b/plugins/calendar/functions.inc Sun Jun 14 15:29:08 2009 +0100
@@ -1605,7 +1605,7 @@
*/
function plugin_dopluginsearch_calendar($query, $datestart, $dateend, $topic, $type, $author, $keyType, $page, $perpage)
{
- global $_TABLES, $LANG_CAL_1;
+ global $_TABLES, $_USER, $LANG_CAL_1;
// Make sure the query is SQL safe
$query = trim(addslashes($query));
@@ -1615,8 +1615,8 @@
$sql_e .= "FROM {$_TABLES['events']} WHERE 1=1 ";
$sql_p = "SELECT eid AS id, title, description, UNIX_TIMESTAMP(datestart) AS date, owner_id AS uid, ";
- $sql_p .= "CONCAT('/calendar/event.php?eid=',eid) AS url ";
- $sql_p .= "FROM {$_TABLES['personal_events']} WHERE 1=1 ";
+ $sql_p .= "CONCAT('/calendar/event.php?mode=personal&eid=',eid) AS url ";
+ $sql_p .= "FROM {$_TABLES['personal_events']} WHERE (uid = {$_USER['uid']}) ";
$sql = COM_getPermSQL('AND') . ' ';
More information about the geeklog-cvs
mailing list