From 8c91c1c60d8ec9ed246099d77e7f9f2161514ae6 Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Mon, 6 Jun 2005 03:12:20 +0000 Subject: [PATCH] r240: Only show custom field history if we have permission. --- showhistory.php | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/showhistory.php b/showhistory.php index b7d7755..e1ba3c6 100644 --- a/showhistory.php +++ b/showhistory.php @@ -31,6 +31,22 @@ if ($bug['hidden'] AND !can_perform('canviewhidden')) // ################################################################### +$customfields = $db->query(" + SELECT bugfield.* + FROM " . TABLE_PREFIX . "bugfield AS bugfield + LEFT JOIN " . TABLE_PREFIX . "bugfieldpermission AS permission + ON (bugfield.fieldid = permission.fieldid) + WHERE permission.mask <> 0 + AND permission.usergroupid = {$bugsys->userinfo['usergroupid']}" +); + +while ($field = $db->fetch_array($customfields)) +{ + $fieldlist[] = 'custom_' . $field['shortname']; +} + +// ################################################################### + $logs_fetch = $db->query(" SELECT history.*, user.userid, user.email, user.displayname, user.showemail FROM " . TABLE_PREFIX . "history AS history @@ -59,7 +75,16 @@ foreach ($logs AS $dateline => $logitems) foreach ($logitems AS $log) { $hasvalues = ((empty($log['original']) AND empty($log['changed'])) ? false : true); - $show['changes'] = (($hasvalues) ? true : $show['changes']); + + if (preg_match('#^custom_#', $log['field'])) + { + if (!in_array($log['field'], $fieldlist)) + { + $hasvalues = false; + } + } + + $show['changes'] = (($hasvalues) ? true : $show['changes']); if ($hasvalues) { -- 2.43.5