From 0960d26fbfe21ac1af640f7d4d129d53dcba62ae Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Sun, 20 Aug 2006 23:10:59 +0000 Subject: [PATCH] r1103: Better permission checking for the favorites list --- docs/changes.txt | 1 + favorite.php | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/changes.txt b/docs/changes.txt index 0f24089..5268dd9 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -14,6 +14,7 @@ - Fixed a bug where there could be two [userctrl.tpl] - Cast to array to remove foreach() warnings [userctrl.php#160] - Fixed a bug that would cause searching to result in a SQL error +- Added better checking of hidden bugs for the favorites list 1.1.0 Beta 1 ================== diff --git a/favorite.php b/favorite.php index d5b6b3b..11c3778 100644 --- a/favorite.php +++ b/favorite.php @@ -71,8 +71,9 @@ if ($_REQUEST['do'] == 'manage') SELECT favorite.bugid, bug.* FROM " . TABLE_PREFIX . "favorite AS favorite RIGHT JOIN " . TABLE_PREFIX . "bug AS bug ON (favorite.bugid = bug.bugid) - WHERE favorite.userid = " . $bugsys->userinfo['userid'] - ); + WHERE favorite.userid = " . $bugsys->userinfo['userid'] . " + AND (!bug.hidden OR (bug.hidden AND bug.product IN (" . fetch_on_bits('canviewhidden') . "))" . (can_perform('canviewownhidden') ? " OR (bug.hidden AND bug.userid = " . $bugsys->userinfo['userid'] . " AND bug.product IN (" . fetch_on_bits('canviewownhidden') . "))" : "") . ") + "); while ($bug = $db->fetch_array($favorites)) { $funct->exec_swap_bg($stylevar['alt_color'], ''); -- 2.43.5
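Review bot: Both `bug.product IN (" . fetch_on_bits(...) . ")` fragments in the new WHERE clause would become an empty `IN ()` list if fetch_on_bits() can return an empty string for a user with no matching products; that is a SQL syntax error in MySQL and several other engines, so the page would fail with a database error instead of showing a filtered list. fetch_on_bits() is defined outside this patch, so confirm it always yields at least one value, or substitute a condition that matches nothing when it is empty. The clause also concatenates `$bugsys->userinfo['userid']` into the SQL unquoted a second time; using `intval($bugsys->userinfo['userid'])` at both places would keep the query well-formed even if that value is ever not a plain integer. Because the whole filter sits on one long line, a comment above the query such as `// hidden bugs are listed only with canviewhidden, or canviewownhidden for the user's own bugs` would make the access rule easier to audit. The enclosing `if ($_REQUEST['do'] == 'manage')` block starts and ends outside the hunk, so whether the other actions in favorite.php apply the same hidden-bug check cannot be seen here.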