-rw-r--r--engine/lib/access.php4
-rw-r--r--engine/lib/metadata.php28
2 files changed, 21 insertions, 11 deletions
diff --git a/engine/lib/access.php b/engine/lib/access.php
index 2df9aea58..313fc7476 100644
--- a/engine/lib/access.php
+++ b/engine/lib/access.php
@@ -25,7 +25,7 @@
global $CONFIG;
- if (!isset($access_list))
+ //if (!isset($access_list))
$access_list = array();
if ($user_id == 0) $user_id = $_SESSION['id'];
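Review bot: Commenting out the guard as `//if (!isset($access_list))` leaves dead code and no explanation of why the list is now rebuilt on every call; the same applies to `//if (!isset($access_array))` in the next hunk, where the `static $access_array;` declaration above it no longer caches anything. Delete the line and record the reason instead, for example `// Rebuilt on every call: the cached list was not keyed by $user_id`, if that is in fact the reason (the hunk does not say). Separately, the fallback on the last line of this hunk reads `$_SESSION['id']` while the next hunk reads `$_SESSION['guid']`; if only one of these keys is set at login, the other function resolves the access list for an empty user id, so confirm which key is correct. Both function bodies start and end outside their hunks.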
@@ -52,7 +52,7 @@
global $CONFIG;
static $access_array;
- if (!isset($access_array))
+ //if (!isset($access_array))
$access_array = array();
if ($user_id == 0) $user_id = $_SESSION['guid'];
diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php
index d509424e2..376c6ecdd 100644
--- a/engine/lib/metadata.php
+++ b/engine/lib/metadata.php
@@ -151,9 +151,10 @@
global $CONFIG;
$id = (int)$id;
- $access = get_access_sql_suffix("e");
+ $access = get_access_sql_suffix("e");
+ $md_access = get_access_sql_suffix("m");
- return row_to_elggmetadata(get_data_row("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e on e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.id=$id and $access"));
+ return row_to_elggmetadata(get_data_row("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e on e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.id=$id and $access and $md_access"));
}
/**
@@ -363,11 +364,16 @@
function get_metadata_byname($entity_guid, $meta_name)
{
global $CONFIG;
-
- $meta_name = get_metastring_id($meta_name);
+
+ $meta_name = get_metastring_id($meta_name);
+
+ if (empty($meta_name)) return false;
+
$entity_guid = (int)$entity_guid;
- $access = get_access_sql_suffix("e");
- $result = get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e ON e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and m.name_id='$meta_name' and $access", "row_to_elggmetadata");
+ $access = get_access_sql_suffix("e");
+ $md_access = get_access_sql_suffix("m");
+
+ $result = get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e ON e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and m.name_id='$meta_name' and $access and $md_access", "row_to_elggmetadata");
if (!$result)
return false;
@@ -387,9 +393,10 @@
global $CONFIG;
$entity_guid = (int)$entity_guid;
- $access = get_access_sql_suffix("e");
+ $access = get_access_sql_suffix("e");
+ $md_access = get_access_sql_suffix("e");
- return get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e ON e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and $access", "row_to_elggmetadata");
+ return get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e ON e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and $access and $md_access", "row_to_elggmetadata");
}
/**
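Review bot: `$md_access = get_access_sql_suffix("e");` passes the entities alias again, so the query ends with the entity access clause twice and never filters on the metadata row's own access level; every other hunk in this file passes `"m"` for this purpose, so the line should read `$md_access = get_access_sql_suffix("m");`. The last hunk (`@@ -622,6 +631,7`) has the same slip in `$query .= ' and ' . get_access_sql_suffix("e");` and needs `"m"` as well. As committed, metadata returned by these two code paths appears to be readable by anyone who can read the owning entity, whatever access level was set on the metadata itself. The function signature lies outside this hunk.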
@@ -442,7 +449,8 @@
$query = "SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}entities e JOIN {$CONFIG->dbprefix}metadata m on e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where";
foreach ($where as $w)
$query .= " $w and ";
- $query .= get_access_sql_suffix("e"); // Add access controls
+ $query .= get_access_sql_suffix("e"); // Add access controls
+ $query .= ' and ' . get_access_sql_suffix("m"); // Add access controls
$query .= " order by $order_by limit $offset, $limit"; // Add order and limit
return get_data($query, "row_to_elggmetadata");
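Review bot: `$order_by`, `$offset` and `$limit` are interpolated straight into the SQL on the `order by $order_by limit $offset, $limit` line, and nothing in this hunk shows them being cast or validated. The function starts outside the hunk, so please confirm that `$offset` and `$limit` are cast with `(int)` earlier on and that `$order_by` is restricted to a fixed set of column names, since an ORDER BY expression cannot be made safe by quoting. The same line appears in the two following hunks. On style, the two access lines carry the identical comment `// Add access controls`; the added one would read better as `// Add metadata access controls`.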
@@ -516,6 +524,7 @@
foreach ($where as $w)
$query .= " $w and ";
$query .= get_access_sql_suffix("e"); // Add access controls
+ $query .= ' and ' . get_access_sql_suffix("m"); // Add access controls
if (!$count) {
$query .= " order by $order_by limit $offset, $limit"; // Add order and limit
@@ -622,6 +631,7 @@
foreach ($where as $w)
$query .= " $w and ";
$query .= get_access_sql_suffix("e"); // Add access controls
+ $query .= ' and ' . get_access_sql_suffix("e"); // Add access controls
if (!$count) {
$query .= " order by $order_by limit $offset, $limit"; // Add order and limit