diff options
author | icewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-06-03 10:50:45 +0000 |
---|---|---|
committer | icewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-06-03 10:50:45 +0000 |
commit | 43828480d83cff68ba2963719858fabc69b2c831 (patch) | |
tree | 441389aec12c3f230eeb691f14c883bd70cf9cfa /engine | |
parent | f1caa7a05133f1879c6d74aa581720d5f65f884f (diff) | |
download | elgg-43828480d83cff68ba2963719858fabc69b2c831.tar.gz elgg-43828480d83cff68ba2963719858fabc69b2c831.tar.bz2 |
Marcus Povey <marcus@dushka.co.uk>
* Fixed annotations not returning anything
* Access control on db now disabled when run from privileged code block.
git-svn-id: https://code.elgg.org/elgg/trunk@780 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine')
-rw-r--r-- | engine/lib/annotations.php | 33 | ||||
-rw-r--r-- | engine/lib/entities.php | 10 | ||||
-rw-r--r-- | engine/lib/metadata.php | 27 | ||||
-rw-r--r-- | engine/lib/relationships.php | 4 |
4 files changed, 36 insertions, 38 deletions
diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php index e04c302e1..2488a8422 100644 --- a/engine/lib/annotations.php +++ b/engine/lib/annotations.php @@ -134,9 +134,9 @@ global $CONFIG;
$annotation_id = (int) $annotation_id;
- $access = get_access_list();
+ $access = get_access_sql_suffix("a");
- return row_to_elggannotation(get_data_row("select a.*, n.string as name, v.string as value from {$CONFIG->dbprefix}annotations a JOIN {$CONFIG->dbprefix}metastrings n on a.name_id = n.id JOIN {$CONFIG->dbprefix}metastrings v on a.value_id = v.id where a.id=$annotation_id and (a.access_id in {$access} or (a.access_id = 0 and a.owner_guid = {$_SESSION['id']}))"));
+ return row_to_elggannotation(get_data_row("select a.*, n.string as name, v.string as value from {$CONFIG->dbprefix}annotations a JOIN {$CONFIG->dbprefix}metastrings n on a.name_id = n.id JOIN {$CONFIG->dbprefix}metastrings v on a.value_id = v.id where a.id=$annotation_id and $access"));
}
/**
@@ -200,7 +200,7 @@ $access_id = (int)$access_id;
- $access = get_access_list();
+ $access = get_access_sql_suffix();
// Add the metastring
$value = add_metastring($value);
@@ -210,7 +210,7 @@ if (!$name) return false;
// If ok then add it
- return update_data("UPDATE {$CONFIG->dbprefix}annotations set value_id='$value', value_type='$value_type', access_id=$access_id, owner_guid=$owner_guid where id=$annotation_id and name_id='$name' and (access_id in {$access} or (access_id = 0 and owner_guid = {$_SESSION['id']}))");
+ return update_data("UPDATE {$CONFIG->dbprefix}annotations set value_id='$value', value_type='$value_type', access_id=$access_id, owner_guid=$owner_guid where id=$annotation_id and name_id='$name' and $access");
}
/**
@@ -232,18 +232,20 @@ $entity_guid = (int)$entity_guid;
$entity_type = sanitise_string($entity_type);
- $entity_subtype = get_subtype_id($entity_type, $entity_subtype);
- $name = get_metastring_id($name);
- if ($name === false)
- $name = 0;
+ $entity_subtype = get_subtype_id($entity_type, $entity_subtype); + if ($name)
+ { + $name = get_metastring_id($name); +
+ if ($name === false)
+ $name = 0; + }
if ($value != "") $value = get_metastring_id($value);
$owner_guid = (int)$owner_guid;
$limit = (int)$limit;
$offset = (int)$offset;
$order_by = sanitise_string($order_by);
- $access = get_access_list();
-
$where = array();
if ($entity_guid != 0)
@@ -267,9 +269,9 @@ $query = "SELECT a.*, n.string as name, v.string as value from {$CONFIG->dbprefix}annotations a JOIN {$CONFIG->dbprefix}entities e on a.entity_guid = e.guid JOIN {$CONFIG->dbprefix}metastrings v on a.value_id=v.id JOIN {$CONFIG->dbprefix}metastrings n on a.name_id = n.id where ";
foreach ($where as $w)
$query .= " $w and ";
- $query .= " (a.access_id in {$access} or (a.access_id = 0 and a.owner_guid = {$_SESSION['id']}))"; // Add access controls
+ $query .= get_access_sql_suffix("a"); // Add access controls
$query .= " order by $order_by limit $offset,$limit"; // Add order and limit
- return get_data($query, "row_to_elggannotation");
+echo "$query\n"; return get_data($query, "row_to_elggannotation");
}
@@ -356,7 +358,6 @@ $entity_type = sanitise_string($entity_type);
$entity_subtype = get_subtype_id($entity_type, $entity_subtype);
$name = get_metastring_id($name);
- $access = get_access_list();
$where = array();
@@ -375,7 +376,7 @@ $query = "SELECT $sum(ms.string) as sum from {$CONFIG->dbprefix}annotations a JOIN {$CONFIG->dbprefix}entities e on a.entity_guid = e.guid JOIN {$CONFIG->dbprefix}metastrings ms on a.value_id=ms.id WHERE ";
foreach ($where as $w)
$query .= " $w and ";
- $query .= " (a.access_id in {$access} or (a.access_id = 0 and a.owner_guid = {$_SESSION['id']}))"; // now add access
+ $query .= get_access_sql_suffix("a"); // now add access
$row = get_data_row($query);
if ($row)
@@ -395,9 +396,9 @@ $id = (int)$id;
- $access = get_access_list();
+ $access = get_access_sql_suffix();
- return delete_data("DELETE from {$CONFIG->dbprefix}annotations where id=$id and (access_id in {$access} or (access_id = 0 and owner_guid = {$_SESSION['id']}))");
+ return delete_data("DELETE from {$CONFIG->dbprefix}annotations where id=$id and $access");
}
/**
diff --git a/engine/lib/entities.php b/engine/lib/entities.php index 3ae68a685..4507c2bb0 100644 --- a/engine/lib/entities.php +++ b/engine/lib/entities.php @@ -812,9 +812,9 @@ $guid = (int) $guid; - $access = get_access_list(); + $access = get_access_sql_suffix(); - return get_data_row("SELECT * from {$CONFIG->dbprefix}entities where guid=$guid and (access_id in {$access} or (access_id = 0 and owner_guid = {$_SESSION['id']}))"); + return get_data_row("SELECT * from {$CONFIG->dbprefix}entities where guid=$guid and $access"); } /** @@ -893,9 +893,7 @@ $site_guid = (int) $site_guid;
if ($site_guid == 0)
$site_guid = $CONFIG->site_guid; - - $access = get_access_list(); - + $where = array(); if ($type != "") @@ -923,7 +921,7 @@ } foreach ($where as $w) $query .= " $w and "; - $query .= " (access_id in {$access} or (access_id = 0 and owner_guid = {$_SESSION['id']}))"; // Add access controls
+ $query .= get_access_sql_suffix(); // Add access controls
if (!$count) {
$query .= " order by $order_by";
if ($limit) $query .= " limit $offset, $limit"; // Add order and limit diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php index dd678b599..798505288 100644 --- a/engine/lib/metadata.php +++ b/engine/lib/metadata.php @@ -130,9 +130,9 @@ global $CONFIG; $id = (int)$id; - $access = get_access_list(); + $access = get_access_sql_suffix("m"); - return row_to_elggmetadata(get_data_row("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.id=$id and (m.access_id in {$access} or (m.access_id = 0 and m.owner_guid = {$_SESSION['id']}))")); + return row_to_elggmetadata(get_data_row("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.id=$id and $access")); } /**
@@ -238,7 +238,7 @@ $access_id = (int)$access_id; - $access = get_access_list(); + $access = get_access_sql_suffix(); // Add the metastring @@ -249,7 +249,7 @@ if (!$name) return false; // If ok then add it - return update_data("UPDATE {$CONFIG->dbprefix}metadata set value_id='$value', value_type='$value_type', access_id=$access_id, owner_guid=$owner_guid where id=$id and name_id='$name' and (access_id in {$access} or (access_id = 0 and owner_guid = {$_SESSION['id']}))"); + return update_data("UPDATE {$CONFIG->dbprefix}metadata set value_id='$value', value_type='$value_type', access_id=$access_id, owner_guid=$owner_guid where id=$id and name_id='$name' and $access"); } /** @@ -299,8 +299,8 @@ $meta_name = get_metastring_id($meta_name); $entity_guid = (int)$entity_guid; - $access = get_access_list(); - $result = get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and m.name_id='$meta_name' and (m.access_id in {$access} or (m.access_id = 0 and m.owner_guid = {$_SESSION['id']}))", "row_to_elggmetadata"); + $access = get_access_sql_suffix("m"); + $result = get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and m.name_id='$meta_name' and $access", "row_to_elggmetadata"); if (!$result) return false; @@ -320,9 +320,9 @@ global $CONFIG; $entity_guid = (int)$entity_guid; - $access = get_access_list(); + $access = get_access_sql_suffix("m"); - return get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and (m.access_id in {$access} or (m.access_id = 0 and m.owner_guid = {$_SESSION['id']}))", "row_to_elggmetadata"); + return get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and $access", "row_to_elggmetadata"); } /** @@ -353,7 +353,6 @@ if ($site_guid == 0) $site_guid = $CONFIG->site_guid; - $access = get_access_list(); $where = array(); @@ -371,7 +370,7 @@ $query = "SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}entities e JOIN {$CONFIG->dbprefix}metadata m on e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where"; foreach ($where as $w) $query .= " $w and "; - $query .= " (e.access_id in {$access} or (e.access_id = 0 and e.owner_guid = {$_SESSION['id']}))"; // Add access controls + $query .= get_access_sql_suffix("e"); // Add access controls $query .= " order by $order_by limit $offset, $limit"; // Add order and limit return get_data($query, "row_to_elggmetadata"); @@ -405,7 +404,7 @@ if ($site_guid == 0)
$site_guid = $CONFIG->site_guid; - $access = get_access_list(); + //$access = get_access_list(); $where = array(); @@ -423,7 +422,7 @@ $query = "SELECT distinct e.* from {$CONFIG->dbprefix}entities e JOIN {$CONFIG->dbprefix}metadata m on e.guid = m.entity_guid where"; foreach ($where as $w) $query .= " $w and "; - $query .= " (e.access_id in {$access} or (e.access_id = 0 and e.owner_guid = {$_SESSION['id']}))"; // Add access controls + $query .= get_access_sql_suffix("e"); // Add access controls $query .= " order by $order_by limit $offset, $limit"; // Add order and limit return get_data($query, "entity_row_to_elggstar"); @@ -473,7 +472,7 @@ if ($site_guid == 0)
$site_guid = $CONFIG->site_guid;
- $access = get_access_list();
+ //$access = get_access_list();
if ($entity_type!="")
$where[] = "e.type = '{$entity_type}'";
@@ -485,7 +484,7 @@ $query = "SELECT distinct e.* from {$CONFIG->dbprefix}entities e {$join} where";
foreach ($where as $w)
$query .= " $w and ";
- $query .= " (e.access_id in {$access} or (e.access_id = 0 and e.owner_guid = {$_SESSION['id']}))"; // Add access controls
+ $query .= get_access_sql_suffix("e"); // Add access controls
$query .= " order by $order_by limit $offset, $limit"; // Add order and limit
return get_data($query, "entity_row_to_elggstar");
diff --git a/engine/lib/relationships.php b/engine/lib/relationships.php index 0d21793a3..b5d5816a1 100644 --- a/engine/lib/relationships.php +++ b/engine/lib/relationships.php @@ -443,7 +443,7 @@ if ($site_guid == 0) $site_guid = $CONFIG->site_guid; - $access = get_access_list(); + //$access = get_access_list(); $where = array(); @@ -473,7 +473,7 @@ $query .= " from {$CONFIG->dbprefix}entity_relationships r JOIN {$CONFIG->dbprefix}entities e on $joinon where "; foreach ($where as $w) $query .= " $w and "; - $query .= " (e.access_id in {$access} or (e.access_id = 0 and e.owner_guid = {$_SESSION['id']}))"; // Add access controls + $query .= get_access_sql_suffix("e"); // Add access controls if (!$count) { $query .= " order by $order_by limit $offset, $limit"; // Add order and limit return get_data($query, "entity_row_to_elggstar"); |