authoricewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-06-03 10:50:45 +0000
committericewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-06-03 10:50:45 +0000
commit43828480d83cff68ba2963719858fabc69b2c831 (patch)
tree441389aec12c3f230eeb691f14c883bd70cf9cfa /engine
parentf1caa7a05133f1879c6d74aa581720d5f65f884f (diff)
downloadelgg-43828480d83cff68ba2963719858fabc69b2c831.tar.gz
elgg-43828480d83cff68ba2963719858fabc69b2c831.tar.bz2
Marcus Povey <marcus@dushka.co.uk>
* Fixed annotations not returning anything * Access control on db now disabled when run from privileged code block. git-svn-id: https://code.elgg.org/elgg/trunk@780 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine')
-rw-r--r--engine/lib/annotations.php33
-rw-r--r--engine/lib/entities.php10
-rw-r--r--engine/lib/metadata.php27
-rw-r--r--engine/lib/relationships.php4
4 files changed, 36 insertions, 38 deletions
diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php
index e04c302e1..2488a8422 100644
--- a/engine/lib/annotations.php
+++ b/engine/lib/annotations.php
@@ -134,9 +134,9 @@
global $CONFIG;
$annotation_id = (int) $annotation_id;
- $access = get_access_list();
+ $access = get_access_sql_suffix("a");
- return row_to_elggannotation(get_data_row("select a.*, n.string as name, v.string as value from {$CONFIG->dbprefix}annotations a JOIN {$CONFIG->dbprefix}metastrings n on a.name_id = n.id JOIN {$CONFIG->dbprefix}metastrings v on a.value_id = v.id where a.id=$annotation_id and (a.access_id in {$access} or (a.access_id = 0 and a.owner_guid = {$_SESSION['id']}))"));
+ return row_to_elggannotation(get_data_row("select a.*, n.string as name, v.string as value from {$CONFIG->dbprefix}annotations a JOIN {$CONFIG->dbprefix}metastrings n on a.name_id = n.id JOIN {$CONFIG->dbprefix}metastrings v on a.value_id = v.id where a.id=$annotation_id and $access"));
}
/**
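Review bot: The rewritten query ends in `and $access`, so it is only valid SQL if get_access_sql_suffix() always returns a complete, non-empty boolean expression, including the privileged case where the commit message says checks are switched off. The helper is not part of this diff, so that cannot be confirmed here; an empty return would leave a dangling `and` in this statement and in every other query this commit changes the same way. I would state the contract next to the call, e.g. `// get_access_sql_suffix() must return a parenthesised condition, never ""`, and repeat it in the helper's docblock. The enclosing function starts above the hunk.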
@@ -200,7 +200,7 @@
$access_id = (int)$access_id;
- $access = get_access_list();
+ $access = get_access_sql_suffix();
// Add the metastring
$value = add_metastring($value);
@@ -210,7 +210,7 @@
if (!$name) return false;
// If ok then add it
- return update_data("UPDATE {$CONFIG->dbprefix}annotations set value_id='$value', value_type='$value_type', access_id=$access_id, owner_guid=$owner_guid where id=$annotation_id and name_id='$name' and (access_id in {$access} or (access_id = 0 and owner_guid = {$_SESSION['id']}))");
+ return update_data("UPDATE {$CONFIG->dbprefix}annotations set value_id='$value', value_type='$value_type', access_id=$access_id, owner_guid=$owner_guid where id=$annotation_id and name_id='$name' and $access");
}
/**
@@ -232,18 +232,20 @@
$entity_guid = (int)$entity_guid;
$entity_type = sanitise_string($entity_type);
- $entity_subtype = get_subtype_id($entity_type, $entity_subtype);
- $name = get_metastring_id($name);
- if ($name === false)
- $name = 0;
+ $entity_subtype = get_subtype_id($entity_type, $entity_subtype);
+ if ($name)
+ {
+ $name = get_metastring_id($name);
+
+ if ($name === false)
+ $name = 0;
+ }
if ($value != "") $value = get_metastring_id($value);
$owner_guid = (int)$owner_guid;
$limit = (int)$limit;
$offset = (int)$offset;
$order_by = sanitise_string($order_by);
- $access = get_access_list();
-
$where = array();
if ($entity_guid != 0)
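Review bot: The lookup for `$value` on the line after the new block does not handle a failed get_metastring_id() call, while the new `$name` block maps a `false` result to 0. An unknown value string would leave `$value` as `false`, which interpolates as an empty string if the code below the hunk puts it into the where clause. Treating both the same way would be safer, e.g. `if ($value != "") { $value = get_metastring_id($value); if ($value === false) $value = 0; }`. Separately, `if ($name)` also skips the lookup for the string "0", so `$name !== ""` may be the intended test. The function continues past the end of the hunk.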
@@ -267,9 +269,9 @@
$query = "SELECT a.*, n.string as name, v.string as value from {$CONFIG->dbprefix}annotations a JOIN {$CONFIG->dbprefix}entities e on a.entity_guid = e.guid JOIN {$CONFIG->dbprefix}metastrings v on a.value_id=v.id JOIN {$CONFIG->dbprefix}metastrings n on a.name_id = n.id where ";
foreach ($where as $w)
$query .= " $w and ";
- $query .= " (a.access_id in {$access} or (a.access_id = 0 and a.owner_guid = {$_SESSION['id']}))"; // Add access controls
+ $query .= get_access_sql_suffix("a"); // Add access controls
$query .= " order by $order_by limit $offset,$limit"; // Add order and limit
- return get_data($query, "row_to_elggannotation");
+echo "$query\n"; return get_data($query, "row_to_elggannotation");
}
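Review bot: The added `echo "$query\n";` in front of the return writes the full SQL statement, including the table prefix and the generated access clause, into the output of every request that reaches this function. It looks like leftover debugging and should be removed so the line reads `return get_data($query, "row_to_elggannotation");`. If the query text is needed for diagnosis, send it to the server-side log instead of the response. The function begins outside this hunk.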
@@ -356,7 +358,6 @@
$entity_type = sanitise_string($entity_type);
$entity_subtype = get_subtype_id($entity_type, $entity_subtype);
$name = get_metastring_id($name);
- $access = get_access_list();
$where = array();
@@ -375,7 +376,7 @@
$query = "SELECT $sum(ms.string) as sum from {$CONFIG->dbprefix}annotations a JOIN {$CONFIG->dbprefix}entities e on a.entity_guid = e.guid JOIN {$CONFIG->dbprefix}metastrings ms on a.value_id=ms.id WHERE ";
foreach ($where as $w)
$query .= " $w and ";
- $query .= " (a.access_id in {$access} or (a.access_id = 0 and a.owner_guid = {$_SESSION['id']}))"; // now add access
+ $query .= get_access_sql_suffix("a"); // now add access
$row = get_data_row($query);
if ($row)
@@ -395,9 +396,9 @@
$id = (int)$id;
- $access = get_access_list();
+ $access = get_access_sql_suffix();
- return delete_data("DELETE from {$CONFIG->dbprefix}annotations where id=$id and (access_id in {$access} or (access_id = 0 and owner_guid = {$_SESSION['id']}))");
+ return delete_data("DELETE from {$CONFIG->dbprefix}annotations where id=$id and $access");
}
/**
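Review bot: With the access clause delegated to get_access_sql_suffix(), this DELETE is authorised only by whatever the helper returns. Per the commit message the helper imposes no restriction inside a privileged code block, so the row is then removed by `id` alone. The same applies to the UPDATE statements changed earlier in annotations.php and in metadata.php. The docblock should say so, for example `* Note: no access check is applied when called from a privileged code block; callers must verify ownership first.` The function's opening lines are outside the hunk.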
diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 3ae68a685..4507c2bb0 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -812,9 +812,9 @@
$guid = (int) $guid;
- $access = get_access_list();
+ $access = get_access_sql_suffix();
- return get_data_row("SELECT * from {$CONFIG->dbprefix}entities where guid=$guid and (access_id in {$access} or (access_id = 0 and owner_guid = {$_SESSION['id']}))");
+ return get_data_row("SELECT * from {$CONFIG->dbprefix}entities where guid=$guid and $access");
}
/**
@@ -893,9 +893,7 @@
$site_guid = (int) $site_guid;
if ($site_guid == 0)
$site_guid = $CONFIG->site_guid;
-
- $access = get_access_list();
-
+
$where = array();
if ($type != "")
@@ -923,7 +921,7 @@
}
foreach ($where as $w)
$query .= " $w and ";
- $query .= " (access_id in {$access} or (access_id = 0 and owner_guid = {$_SESSION['id']}))"; // Add access controls
+ $query .= get_access_sql_suffix(); // Add access controls
if (!$count) {
$query .= " order by $order_by";
if ($limit) $query .= " limit $offset, $limit"; // Add order and limit
diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php
index dd678b599..798505288 100644
--- a/engine/lib/metadata.php
+++ b/engine/lib/metadata.php
@@ -130,9 +130,9 @@
global $CONFIG;
$id = (int)$id;
- $access = get_access_list();
+ $access = get_access_sql_suffix("m");
- return row_to_elggmetadata(get_data_row("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.id=$id and (m.access_id in {$access} or (m.access_id = 0 and m.owner_guid = {$_SESSION['id']}))"));
+ return row_to_elggmetadata(get_data_row("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.id=$id and $access"));
}
/**
@@ -238,7 +238,7 @@
$access_id = (int)$access_id;
- $access = get_access_list();
+ $access = get_access_sql_suffix();
// Add the metastring
@@ -249,7 +249,7 @@
if (!$name) return false;
// If ok then add it
- return update_data("UPDATE {$CONFIG->dbprefix}metadata set value_id='$value', value_type='$value_type', access_id=$access_id, owner_guid=$owner_guid where id=$id and name_id='$name' and (access_id in {$access} or (access_id = 0 and owner_guid = {$_SESSION['id']}))");
+ return update_data("UPDATE {$CONFIG->dbprefix}metadata set value_id='$value', value_type='$value_type', access_id=$access_id, owner_guid=$owner_guid where id=$id and name_id='$name' and $access");
}
/**
@@ -299,8 +299,8 @@
$meta_name = get_metastring_id($meta_name);
$entity_guid = (int)$entity_guid;
- $access = get_access_list();
- $result = get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and m.name_id='$meta_name' and (m.access_id in {$access} or (m.access_id = 0 and m.owner_guid = {$_SESSION['id']}))", "row_to_elggmetadata");
+ $access = get_access_sql_suffix("m");
+ $result = get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and m.name_id='$meta_name' and $access", "row_to_elggmetadata");
if (!$result)
return false;
@@ -320,9 +320,9 @@
global $CONFIG;
$entity_guid = (int)$entity_guid;
- $access = get_access_list();
+ $access = get_access_sql_suffix("m");
- return get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and (m.access_id in {$access} or (m.access_id = 0 and m.owner_guid = {$_SESSION['id']}))", "row_to_elggmetadata");
+ return get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and $access", "row_to_elggmetadata");
}
/**
@@ -353,7 +353,6 @@
if ($site_guid == 0)
$site_guid = $CONFIG->site_guid;
- $access = get_access_list();
$where = array();
@@ -371,7 +370,7 @@
$query = "SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}entities e JOIN {$CONFIG->dbprefix}metadata m on e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where";
foreach ($where as $w)
$query .= " $w and ";
- $query .= " (e.access_id in {$access} or (e.access_id = 0 and e.owner_guid = {$_SESSION['id']}))"; // Add access controls
+ $query .= get_access_sql_suffix("e"); // Add access controls
$query .= " order by $order_by limit $offset, $limit"; // Add order and limit
return get_data($query, "row_to_elggmetadata");
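Review bot: `$order_by` is interpolated unquoted into `order by $order_by limit $offset, $limit`, and nothing in this hunk shows it being limited to known column names. In annotations.php the same variable is only passed through `sanitise_string()`; if that is string escaping, it does not constrain a value used in an identifier position. I would map the argument through a fixed list of permitted sort expressions before it reaches this line, and apply the same to the other `order by $order_by` lines in annotations.php, entities.php, metadata.php and relationships.php. The function starts and ends outside the hunk.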
@@ -405,7 +404,7 @@
if ($site_guid == 0)
$site_guid = $CONFIG->site_guid;
- $access = get_access_list();
+ //$access = get_access_list();
$where = array();
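Review bot: The old call is left behind as `//$access = get_access_list();` instead of being deleted, here, in the next function in metadata.php and in relationships.php. The other functions touched by this commit remove the line outright. A commented-out access lookup next to the query builder invites someone to re-enable it without the matching where clause; delete the line in all three places and let version control keep the history.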
@@ -423,7 +422,7 @@
$query = "SELECT distinct e.* from {$CONFIG->dbprefix}entities e JOIN {$CONFIG->dbprefix}metadata m on e.guid = m.entity_guid where";
foreach ($where as $w)
$query .= " $w and ";
- $query .= " (e.access_id in {$access} or (e.access_id = 0 and e.owner_guid = {$_SESSION['id']}))"; // Add access controls
+ $query .= get_access_sql_suffix("e"); // Add access controls
$query .= " order by $order_by limit $offset, $limit"; // Add order and limit
return get_data($query, "entity_row_to_elggstar");
@@ -473,7 +472,7 @@
if ($site_guid == 0)
$site_guid = $CONFIG->site_guid;
- $access = get_access_list();
+ //$access = get_access_list();
if ($entity_type!="")
$where[] = "e.type = '{$entity_type}'";
@@ -485,7 +484,7 @@
$query = "SELECT distinct e.* from {$CONFIG->dbprefix}entities e {$join} where";
foreach ($where as $w)
$query .= " $w and ";
- $query .= " (e.access_id in {$access} or (e.access_id = 0 and e.owner_guid = {$_SESSION['id']}))"; // Add access controls
+ $query .= get_access_sql_suffix("e"); // Add access controls
$query .= " order by $order_by limit $offset, $limit"; // Add order and limit
return get_data($query, "entity_row_to_elggstar");
diff --git a/engine/lib/relationships.php b/engine/lib/relationships.php
index 0d21793a3..b5d5816a1 100644
--- a/engine/lib/relationships.php
+++ b/engine/lib/relationships.php
@@ -443,7 +443,7 @@
if ($site_guid == 0)
$site_guid = $CONFIG->site_guid;
- $access = get_access_list();
+ //$access = get_access_list();
$where = array();
@@ -473,7 +473,7 @@
$query .= " from {$CONFIG->dbprefix}entity_relationships r JOIN {$CONFIG->dbprefix}entities e on $joinon where ";
foreach ($where as $w)
$query .= " $w and ";
- $query .= " (e.access_id in {$access} or (e.access_id = 0 and e.owner_guid = {$_SESSION['id']}))"; // Add access controls
+ $query .= get_access_sql_suffix("e"); // Add access controls
if (!$count) {
$query .= " order by $order_by limit $offset, $limit"; // Add order and limit
return get_data($query, "entity_row_to_elggstar");