From e4da8fc6785d4d5eed84617f60fd9dc32c7ec394 Mon Sep 17 00:00:00 2001 From: garvinhicking Date: Mon, 5 Dec 2005 09:03:12 +0000 Subject: [PATCH] fix bug #1371893: Wrong category read permissions --- docs/NEWS | 4 ++++ docs/README | 17 +++++++++++++++++ include/functions_entries.inc.php | 7 ++++--- 3 files changed, 25 insertions(+), 3 deletions(-) diff --git a/docs/NEWS b/docs/NEWS index 39b2a61..1f64794 100644 --- a/docs/NEWS +++ b/docs/NEWS @@ -42,6 +42,10 @@ Version 1.0 () Version 0.9.2 () ------------------------------------------------------------------------ + * Fix bug #1371893: Category write permissions are not properly + evaluated when writing into a category that a user has no + access to. Thanks to cydvicious! (garvinhicking) + * Fix bug #1371630: Write permissions to category are stored with input data of the 'Read permissions' author listing. diff --git a/docs/README b/docs/README index f72ad62..5c63e29 100644 --- a/docs/README +++ b/docs/README @@ -2,9 +2,26 @@ # README # ######################################################################## + + + + + For the most up-to-date information on documentation, creating styles, plugins and so on, please visit our Wiki on http://www.s9y.org/! + + + + + + + + + + + + ######################################################################## # NOTES FOR CONDITIONAL GET IN RSS FEEDS # ######################################################################## diff --git a/include/functions_entries.inc.php b/include/functions_entries.inc.php index 47f672b..74a1f81 100644 --- a/include/functions_entries.inc.php +++ b/include/functions_entries.inc.php 
@@ -534,15 +534,17 @@ function serendipity_fetchCategories($authorid = null, $name = null, $order = nu $where = ''; if ($authorid != 'all' && is_numeric($authorid)) { + $sql_authorid = $authorid; if (!serendipity_checkPermission('adminCategoriesMaintainOthers', $authorid)) { $where = " WHERE (c.authorid = $authorid OR c.authorid = 0)"; $where .= "OR ( acl.artifact_type = 'category' AND acl.artifact_mode = '" . serendipity_db_escape_string($artifact_mode) . "' - )"; + ) "; } } else { + $sql_authorid = 'c.authorid'; $where = ''; } @@ -579,12 +581,11 @@ function serendipity_fetchCategories($authorid = null, $name = null, $order = nu LEFT OUTER JOIN {$serendipity['dbPrefix']}authors AS a ON c.authorid = a.authorid LEFT OUTER JOIN {$serendipity['dbPrefix']}authorgroups AS ag - ON ag.authorid = a.authorid + ON ag.authorid = $sql_authorid LEFT OUTER JOIN {$serendipity['dbPrefix']}access AS acl ON (ag.groupid = acl.groupid AND acl.artifact_id = c.categoryid) $where $group"; - if (!empty($order)) { $querystring .= "\n ORDER BY $order"; } -- 2.39.5
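Review bot: `$sql_authorid = $authorid;` copies a value that has only passed `is_numeric()`, and the second hunk then interpolates it unquoted into `ON ag.authorid = $sql_authorid`. `is_numeric()` also accepts non-integer forms such as `1e3`, `1.5` or a string with leading whitespace, so the SQL can receive something other than a plain author id. Normalising at the assignment keeps the join to an integer literal: `$sql_authorid = (int) $authorid;`. The existing `c.authorid = $authorid` in the WHERE clause of the same branch could reuse that value. The function body starts and ends outside this hunk.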
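Review bot: The join `ON ag.authorid = $sql_authorid` is built from a variable assigned some forty lines earlier, and nothing near the query documents that it may only ever hold a numeric author id or the literal column name `c.authorid`. Because the value goes into the statement unquoted and unescaped, that invariant is what keeps the join safe, and a later edit that adds a third branch could break it without anyone noticing. I would add a comment above the statement that builds the query (it starts outside this hunk), for example `// $sql_authorid is an integer author id or the literal 'c.authorid'; it is interpolated unquoted, so never assign request data to it`.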