diff options
| -rw-r--r-- | engine/lib/access.php | 4 | ||||
| -rw-r--r-- | engine/lib/metadata.php | 28 |
2 files changed, 21 insertions, 11 deletions
diff --git a/engine/lib/access.php b/engine/lib/access.php index 2df9aea58..313fc7476 100644 --- a/engine/lib/access.php +++ b/engine/lib/access.php @@ -25,7 +25,7 @@ global $CONFIG;
- if (!isset($access_list))
+ //if (!isset($access_list))
$access_list = array();
if ($user_id == 0) $user_id = $_SESSION['id'];
@@ -52,7 +52,7 @@ global $CONFIG;
static $access_array; - if (!isset($access_array))
+ //if (!isset($access_array))
$access_array = array();
if ($user_id == 0) $user_id = $_SESSION['guid'];
diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php index d509424e2..376c6ecdd 100644 --- a/engine/lib/metadata.php +++ b/engine/lib/metadata.php @@ -151,9 +151,10 @@ global $CONFIG; $id = (int)$id; - $access = get_access_sql_suffix("e"); + $access = get_access_sql_suffix("e");
+ $md_access = get_access_sql_suffix("m"); - return row_to_elggmetadata(get_data_row("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e on e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.id=$id and $access")); + return row_to_elggmetadata(get_data_row("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e on e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.id=$id and $access and $md_access")); } /**
@@ -363,11 +364,16 @@ function get_metadata_byname($entity_guid, $meta_name) { global $CONFIG; - - $meta_name = get_metastring_id($meta_name); +
+ $meta_name = get_metastring_id($meta_name);
+
+ if (empty($meta_name)) return false;
+ $entity_guid = (int)$entity_guid; - $access = get_access_sql_suffix("e"); - $result = get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e ON e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and m.name_id='$meta_name' and $access", "row_to_elggmetadata"); + $access = get_access_sql_suffix("e");
+ $md_access = get_access_sql_suffix("m");
+
+ $result = get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e ON e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and m.name_id='$meta_name' and $access and $md_access", "row_to_elggmetadata"); if (!$result) return false; @@ -387,9 +393,10 @@ global $CONFIG; $entity_guid = (int)$entity_guid; - $access = get_access_sql_suffix("e"); + $access = get_access_sql_suffix("e");
+ $md_access = get_access_sql_suffix("e"); - return get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e ON e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and $access", "row_to_elggmetadata"); + return get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e ON e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and $access and $md_access", "row_to_elggmetadata"); } /** @@ -442,7 +449,8 @@ $query = "SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}entities e JOIN {$CONFIG->dbprefix}metadata m on e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where"; foreach ($where as $w) $query .= " $w and "; - $query .= get_access_sql_suffix("e"); // Add access controls + $query .= get_access_sql_suffix("e"); // Add access controls
+ $query .= ' and ' . get_access_sql_suffix("m"); // Add access controls $query .= " order by $order_by limit $offset, $limit"; // Add order and limit return get_data($query, "row_to_elggmetadata"); @@ -516,6 +524,7 @@ foreach ($where as $w) $query .= " $w and "; $query .= get_access_sql_suffix("e"); // Add access controls
+ $query .= ' and ' . get_access_sql_suffix("m"); // Add access controls
if (!$count) { $query .= " order by $order_by limit $offset, $limit"; // Add order and limit @@ -622,6 +631,7 @@ foreach ($where as $w)
$query .= " $w and ";
$query .= get_access_sql_suffix("e"); // Add access controls
+ $query .= ' and ' . get_access_sql_suffix("e"); // Add access controls
if (!$count) {
$query .= " order by $order_by limit $offset, $limit"; // Add order and limit
|