[geeklog-cvs] geeklog: Fixed bug where polls would display in the What's New B...

Thu Mar 11 10:16:21 EST 2010

changeset 7778:1a1112707c5e
url:  http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/1a1112707c5e
user: Tom <websitemaster at cogeco.net>
date: Thu Mar 11 10:13:39 2010 -0500
description:
Fixed bug where polls would display in the What's New Block that the user did not have access to (Users who have already voted but cannot see the results cannot view link)

diffstat:

 plugins/polls/functions.inc |  59 +++++++++++++++++------------
 1 files changed, 34 insertions(+), 25 deletions(-)

diffs (112 lines):

diff -r 542470fa726d -r 1a1112707c5e plugins/polls/functions.inc

--- a/plugins/polls/functions.inc	Wed Mar 10 09:13:29 2010 -0500
+++ b/plugins/polls/functions.inc	Thu Mar 11 10:13:39 2010 -0500
@@ -1237,7 +1237,7 @@
 */
 function plugin_getiteminfo_polls($pid, $what, $uid = 0, $options = array())
 {
-    global $_CONF, $_TABLES;
+    global $_CONF, $_TABLES, $_USER;
     
     // parse $what to see what we need to pull from the database
     $properties = explode(',', $what);
@@ -1257,6 +1257,7 @@
             // needed for $pid == '*', but also in case we're only requesting
             // the URL (so that $fields isn't emtpy)
             $fields[] = 'pid';
+            $fields[] = 'hideresults';
 
             break;
         default:
@@ -1317,9 +1318,12 @@
                                   . '/polls/index.php?pid=' . $pid
                                   . '&aid=-1';
                 } else {
-                    $props['url'] = $_CONF['site_url']
-                                  . '/polls/index.php?pid=' . $A['pid']
-                                  . '&aid=-1';
+                    // Users who have already voted but cannot see the results cannot view link
+                    if ($_USER['uid'] == 2 || ($_USER['uid'] != 2 && !($A['hideresults'] == 1 && (isset($_COOKIE['poll-' . $A['pid']]) || POLLS_ipAlreadyVoted($A['pid']))))) {
+                        $props['url'] = $_CONF['site_url']
+                                      . '/polls/index.php?pid=' . $A['pid'];
+                                      // . '&aid=-1';
+                    }
                 }
                 break;
             default:
@@ -1508,7 +1512,7 @@
 */
 function plugin_getwhatsnew_polls()
 {
-    global $_CONF, $_TABLES, $_PO_CONF, $LANG_POLLS;
+    global $_CONF, $_TABLES, $_PO_CONF, $LANG_POLLS, $_USER;
 
     $retval = '';
     if ($_PO_CONF['hidenewpolls'] == 'modified') {
@@ -1517,13 +1521,13 @@
         $datecolumn = 'created';
     }
     $sql = array();
-    $sql['mysql'] = "SELECT pid, topic 
+    $sql['mysql'] = "SELECT pid, topic, hideresults 
         FROM {$_TABLES['polltopics']} 
         WHERE ({$datecolumn} >= (DATE_SUB(NOW(), INTERVAL {$_PO_CONF['newpollsinterval']} SECOND))) 
         " . COM_getPermSQL('AND') . " 
         ORDER BY {$datecolumn} DESC LIMIT 15";
         
-    $sql['pgsql'] = "SELECT  pid, topic 
+    $sql['pgsql'] = "SELECT  pid, topic, hideresults 
         FROM {$_TABLES['polltopics']} 
         WHERE ({$datecolumn} >= (NOW() - INTERVAL '{$_PO_CONF['newpollsinterval']} SECONDS')) 
         " . COM_getPermSQL('AND') . " 
@@ -1538,27 +1542,32 @@
         for ($x = 0; $x < $nrows; $x++) {
             $A = DB_fetchArray($result);
 
-            //$url = COM_buildUrl($_CONF['site_url'] . '/polls/index.php?pid=' . $A['pid']);
-            $url = $_CONF['site_url'] . '/polls/index.php?pid=' . $A['pid'];
-
-            $title = COM_undoSpecialChars(stripslashes( $A['topic']));
-            $titletouse = COM_truncate($title, $_PO_CONF['title_trim_length'],
-                                       '...');
-            if ($title != $titletouse) {
-                $attr = array('title' => htmlspecialchars($title));
-            } else {
-                $attr = array();
+            // Users who have already voted but cannot see the results cannot view link
+            if ($_USER['uid'] == 2 || ($_USER['uid'] != 2 && !($A['hideresults'] == 1 && (isset($_COOKIE['poll-' . $A['pid']]) || POLLS_ipAlreadyVoted($A['pid']))))) {
+                $url = $_CONF['site_url'] . '/polls/index.php?pid=' . $A['pid'];
+                $title = COM_undoSpecialChars(stripslashes( $A['topic']));
+                $titletouse = COM_truncate($title, $_PO_CONF['title_trim_length'],
+                                           '...');
+                if ($title != $titletouse) {
+                    $attr = array('title' => htmlspecialchars($title));
+                } else {
+                    $attr = array();
+                }
+                $apoll = str_replace('$', '$', $titletouse);
+                $apoll = str_replace(' ', ' ', $apoll);
+    
+                $newpolls[] = COM_createLink($apoll, $url, $attr);
             }
-            $apoll = str_replace('$', '$', $titletouse);
-            $apoll = str_replace(' ', ' ', $apoll);
-
-            $newpolls[] = COM_createLink($apoll, $url, $attr);
         }
-
-        $retval .= COM_makeList($newpolls, 'list-new-plugins');
-    } else {
+        
+        if (isset($url)) {
+            $retval .= COM_makeList($newpolls, 'list-new-plugins');
+        }
+    }
+    
+    if ($nrows == 0 || !isset($url)) {
         $retval .= $LANG_POLLS['no_new_polls'] . '<br' . XHTML . '>' . LB;
-    }
+    }     
 
     return $retval;
 }

