Version 0.9.2 ()
------------------------------------------------------------------------
+ * Fix bug #1371893: Category write permissions are not properly
+ evaluated when writing into a category that a user has no
+ access to. Thanks to cydvicious! (garvinhicking)
+
* Fix bug #1371630: Write permissions to category are stored with
input data of the 'Read permissions' author listing.
$where = '';
if ($authorid != 'all' && is_numeric($authorid)) {
+ $sql_authorid = $authorid;
if (!serendipity_checkPermission('adminCategoriesMaintainOthers', $authorid)) {
$where = " WHERE (c.authorid = $authorid OR c.authorid = 0)";
$where .= "OR (
acl.artifact_type = 'category'
AND acl.artifact_mode = '" . serendipity_db_escape_string($artifact_mode) . "'
- )";
+ ) ";
}
} else {
+ $sql_authorid = 'c.authorid';
$where = '';
}
a.realname
FROM {$serendipity['dbPrefix']}category AS c
LEFT OUTER JOIN {$serendipity['dbPrefix']}authors AS a
- ON c.authorid = a.authorid
+ ON c.authorid = $sql_authorid
LEFT OUTER JOIN {$serendipity['dbPrefix']}authorgroups AS ag
ON ag.authorid = a.authorid
LEFT OUTER JOIN {$serendipity['dbPrefix']}access AS acl
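Review bot: In the numeric-author branch the rewritten join `ON c.authorid = $sql_authorid` no longer mentions `a`, so the `authors` table is not correlated with the category: every author row matches each category owned by that id, no author matches any other category, and both `a.realname` and the following `ON ag.authorid = a.authorid` join then work on unrelated or NULL authors. If the aim is to evaluate the group ACLs of the requesting user, keep `ON c.authorid = a.authorid` and use the variable in the group join instead, `ON ag.authorid = $sql_authorid`. Because `is_numeric()` also accepts values such as `1e3` or `1.5`, assign `$sql_authorid = (int)$authorid;` before interpolating it into the query. The function and the query string begin and end outside the visible lines, so the `acl` join conditions could not be checked.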