From 8c91c1c60d8ec9ed246099d77e7f9f2161514ae6 Mon Sep 17 00:00:00 2001
From: Robert Sesek <rsesek@bluestatic.org>
Date: Mon, 6 Jun 2005 03:12:20 +0000
Subject: [PATCH] r240: Only show custom field history if we have permission.

---
 showhistory.php | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/showhistory.php b/showhistory.php
index b7d7755..e1ba3c6 100644
--- a/showhistory.php
+++ b/showhistory.php
@@ -31,6 +31,22 @@ if ($bug['hidden'] AND !can_perform('canviewhidden'))
 
 // ###################################################################
 
+$customfields = $db->query("
+	SELECT bugfield.*
+	FROM " . TABLE_PREFIX . "bugfield AS bugfield
+	LEFT JOIN " . TABLE_PREFIX . "bugfieldpermission AS permission
+		ON (bugfield.fieldid = permission.fieldid)
+	WHERE permission.mask <> 0
+	AND permission.usergroupid = {$bugsys->userinfo['usergroupid']}"
+);
+
+while ($field = $db->fetch_array($customfields))
+{
+	$fieldlist[] = 'custom_' . $field['shortname'];
+}
+
+// ###################################################################
+
 $logs_fetch = $db->query("
 	SELECT history.*, user.userid, user.email, user.displayname, user.showemail
 	FROM " . TABLE_PREFIX . "history AS history
@@ -59,7 +75,16 @@ foreach ($logs AS $dateline => $logitems)
 	foreach ($logitems AS $log)
 	{
 		$hasvalues = ((empty($log['original']) AND empty($log['changed'])) ? false : true);
-		$show['changes'] = (($hasvalues) ? true : $show['changes']);	
+		
+		if (preg_match('#^custom_#', $log['field']))
+		{
+			if (!in_array($log['field'], $fieldlist))
+			{
+				$hasvalues = false;
+			}
+		}
+		
+		$show['changes'] = (($hasvalues) ? true : $show['changes']);
 		
 		if ($hasvalues)
 		{
-- 
2.22.5