author | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-01-08 11:41:23 +0000 |
---|---|---|
committer | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-01-08 11:41:23 +0000 |
commit | 101e32443886ddbcd788e1afc5423c23655a56f6 (patch) | |
tree | 55e0932991780895bb2226c2a61403b560aae6ef /engine/lib/annotations.php | |
parent | d9a3325805995e78ecf68942b6c153d90f363619 (diff) | |
Closes #663: Added access checks on entity on get_entities_from_annotation and count functions.
git-svn-id: https://code.elgg.org/elgg/trunk@2541 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib/annotations.php')
-rw-r--r-- | engine/lib/annotations.php | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php
index 09158d6a3..a89d8c40b 100644
--- a/engine/lib/annotations.php
+++ b/engine/lib/annotations.php
@@ -425,7 +425,8 @@ foreach ($where as $w) $query .= " $w and ";
- $query .= get_access_sql_suffix("a"); // Add access controls
+ $query .= get_access_sql_suffix("a"); // Add access controls
+ $query .= ' and ' . get_access_sql_suffix("e"); // Add access controls
if ($count) {
$row = get_data_row($query);
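Review bot: The added line joins the two suffixes with a literal `' and '`, so the filter is only correct if `get_access_sql_suffix()` always returns a non-empty, fully parenthesised expression. Its body is not visible here, so this is worth confirming: an empty return would leave `and  and` in the query, and a top-level `or` inside the suffix would change how it combines with the `$w` clauses. Both new lines carry the same comment; I would change the second to `// also require access to the annotated entity (alias e)` so the reason for the extra check is recorded. The same pair of lines is added in the hunk at -595 and the same points apply there. The enclosing function starts and ends outside the hunk, so the FROM clause that defines alias `e` for this query is not shown.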
@@ -595,7 +596,8 @@ $query = "SELECT $sum(ms.string) as sum from {$CONFIG->dbprefix}annotations a JOIN {$CONFIG->dbprefix}entities e on a.entity_guid = e.guid JOIN {$CONFIG->dbprefix}metastrings ms on a.value_id=ms.id WHERE ";
foreach ($where as $w)
$query .= " $w and ";
- $query .= get_access_sql_suffix("a"); // now add access
+ $query .= get_access_sql_suffix("a"); // now add access
+ $query .= ' and ' . get_access_sql_suffix("e"); // now add access
$row = get_data_row($query);
if ($row)
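Review bot: The statement this access check is appended to interpolates `$sum` as the SQL function name and each `$w` as a raw clause, and nothing in the hunk shows where those values are constrained. If `$sum` can be influenced by a caller, it should be compared against a fixed list of aggregate names before the query is built. Once that is confirmed, I would add a comment above the `$query =` line, such as `// $sum must be one of the fixed aggregate names passed by the calling wrappers`. The function begins and ends outside the hunk.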
|