[geeklog-hg] geeklog: Fixed a bug where wrong permissions with articles submi...

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Wed Oct 22 10:56:14 EDT 2014 

changeset 9541:0b4f271e4504
url:  http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/0b4f271e4504
user: dengen <taharaxp at gmail.com>
date: Wed Oct 22 23:55:22 2014 +0900
description:
Fixed a bug where wrong permissions with articles submitted by guest users (bug #0001787)

diffstat:

 system/classes/story.class.php |  29 ++++++++++++++++++++++++++---
 1 files changed, 26 insertions(+), 3 deletions(-)

diffs (53 lines):

diff -r 4510fbe249c2 -r 0b4f271e4504 system/classes/story.class.php
--- a/system/classes/story.class.php	Sun Aug 31 12:59:41 2014 -0400
+++ b/system/classes/story.class.php	Wed Oct 22 23:55:22 2014 +0900
@@ -1165,8 +1165,8 @@
             if (!isset($_CONF['show_topic_icon'])) {
                 $_CONF['show_topic_icon'] = 1;
             }
-
-            if (DB_getItem($_TABLES['topics'], 'archive_flag', "tid = '{$tmptid}'") == 1) {
+/*
+            if (DB_getItem($_TABLES['topics'], 'archive_flag', "tid = '{$tmptid}'") == 1) { // A bug using undefined variable $tmptid
                 $this->_frontpage = 0;
             } elseif (isset($_CONF['frontpage'])) {
                 $this->_frontpage = $_CONF['frontpage'];
@@ -1174,7 +1174,8 @@
                 $this->_frontpage = 1;
             }
 
-            $this->_oldsid = $this->_sid;
+            $this->_oldsid = $this->_sid; // dead code
+*/
             $this->_date = mktime();
             $this->_featured = 0;
             $this->_commentcode = $_CONF['comment_code'];
@@ -1196,6 +1197,28 @@
             $this->_perm_anon = $T['perm_anon'];
             */
 
+            // Save Topics selected
+            TOPIC_saveTopicSelectionControl('article', $this->_sid);
+
+            $sql = "SELECT group_id,perm_owner,perm_group,perm_members,perm_anon,archive_flag "
+                 . "FROM {$_TABLES['topics']} t, {$_TABLES['topic_assignments']} ta "
+                 . "WHERE ta.type = 'article' AND ta.id = '{$this->_sid}' "
+                 . "AND ta.tdefault = 1 AND ta.tid = t.tid";
+            $result = DB_query($sql);
+            $A = DB_fetchArray($result);
+            if ($A['archive_flag'] == 1) {
+                $this->_frontpage = 0;
+            } elseif (isset($_CONF['frontpage'])) {
+                $this->_frontpage = $_CONF['frontpage'];
+            } else {
+                $this->_frontpage = 1;
+            }
+            $this->_group_id     = $A['group_id'];
+            $this->_perm_owner   = $A['perm_owner'];
+            $this->_perm_group   = $A['perm_group'];
+            $this->_perm_members = $A['perm_members'];
+            $this->_perm_anon    = $A['perm_anon'];
+
             $this->saveToDatabase();
 
             PLG_itemSaved($this->_sid, 'article');

More information about the geeklog-cvs mailing list