From 43828480d83cff68ba2963719858fabc69b2c831 Mon Sep 17 00:00:00 2001 From: icewing Date: Tue, 3 Jun 2008 10:50:45 +0000 Subject: Marcus Povey * Fixed annotations not returning anything * Access control on db now disabled when run from privileged code block. git-svn-id: https://code.elgg.org/elgg/trunk@780 36083f99-b078-4883-b0ff-0f9b5a30f544 --- engine/lib/annotations.php | 33 +++++++++++++++++---------------- engine/lib/entities.php | 10 ++++------ engine/lib/metadata.php | 27 +++++++++++++-------------- engine/lib/relationships.php | 4 ++-- 4 files changed, 36 insertions(+), 38 deletions(-) (limited to 'engine/lib') diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php index e04c302e1..2488a8422 100644 --- a/engine/lib/annotations.php +++ b/engine/lib/annotations.php @@ -134,9 +134,9 @@ global $CONFIG; $annotation_id = (int) $annotation_id; - $access = get_access_list(); + $access = get_access_sql_suffix("a"); - return row_to_elggannotation(get_data_row("select a.*, n.string as name, v.string as value from {$CONFIG->dbprefix}annotations a JOIN {$CONFIG->dbprefix}metastrings n on a.name_id = n.id JOIN {$CONFIG->dbprefix}metastrings v on a.value_id = v.id where a.id=$annotation_id and (a.access_id in {$access} or (a.access_id = 0 and a.owner_guid = {$_SESSION['id']}))")); + return row_to_elggannotation(get_data_row("select a.*, n.string as name, v.string as value from {$CONFIG->dbprefix}annotations a JOIN {$CONFIG->dbprefix}metastrings n on a.name_id = n.id JOIN {$CONFIG->dbprefix}metastrings v on a.value_id = v.id where a.id=$annotation_id and $access")); } /** @@ -200,7 +200,7 @@ $access_id = (int)$access_id; - $access = get_access_list(); + $access = get_access_sql_suffix(); // Add the metastring $value = add_metastring($value); 
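Review bot: In get_annotation (hunk at line 134 of annotations.php) the hand-written, fully parenthesised access clause is replaced by a bare `and $access`, so the filter is only as tight as the string get_access_sql_suffix("a") returns, and that helper is not part of this diff. If it ever returns `x or y` without outer parentheses, SQL precedence turns `a.id=$annotation_id and x or y` into a filter that matches rows through the `y` branch alone, whatever the id. Either wrap the interpolation at the call site, `... where a.id=$annotation_id and ($access)`, or document on the helper that it always returns one parenthesised boolean expression and never an empty string. The same applies to every other call site this commit converts in annotations.php, entities.php, metadata.php and relationships.php.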
@@ -210,7 +210,7 @@ if (!$name) return false; // If ok then add it - return update_data("UPDATE {$CONFIG->dbprefix}annotations set value_id='$value', value_type='$value_type', access_id=$access_id, owner_guid=$owner_guid where id=$annotation_id and name_id='$name' and (access_id in {$access} or (access_id = 0 and owner_guid = {$_SESSION['id']}))"); + return update_data("UPDATE {$CONFIG->dbprefix}annotations set value_id='$value', value_type='$value_type', access_id=$access_id, owner_guid=$owner_guid where id=$annotation_id and name_id='$name' and $access"); } /** @@ -232,18 +232,20 @@ $entity_guid = (int)$entity_guid; $entity_type = sanitise_string($entity_type); - $entity_subtype = get_subtype_id($entity_type, $entity_subtype); - $name = get_metastring_id($name); - if ($name === false) - $name = 0; + $entity_subtype = get_subtype_id($entity_type, $entity_subtype); + if ($name) + { + $name = get_metastring_id($name); + + if ($name === false) + $name = 0; + } if ($value != "") $value = get_metastring_id($value); $owner_guid = (int)$owner_guid; $limit = (int)$limit; $offset = (int)$offset; $order_by = sanitise_string($order_by); - $access = get_access_list(); - $where = array(); if ($entity_guid != 0) @@ -267,9 +269,9 @@ $query = "SELECT a.*, n.string as name, v.string as value from {$CONFIG->dbprefix}annotations a JOIN {$CONFIG->dbprefix}entities e on a.entity_guid = e.guid JOIN {$CONFIG->dbprefix}metastrings v on a.value_id=v.id JOIN {$CONFIG->dbprefix}metastrings n on a.name_id = n.id where "; foreach ($where as $w) $query .= " $w and "; - $query .= " (a.access_id in {$access} or (a.access_id = 0 and a.owner_guid = {$_SESSION['id']}))"; // Add access controls + $query .= get_access_sql_suffix("a"); // Add access controls $query .= " order by $order_by limit $offset,$limit"; // Add order and limit - return get_data($query, "row_to_elggannotation"); +echo "$query\n"; return get_data($query, "row_to_elggannotation"); } 
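Review bot: The UPDATE in update_annotation (hunk at line 210) is now authorised solely by `$access` from get_access_sql_suffix(), the same predicate the read paths use, and per the commit message that predicate is switched off inside a privileged code block. Unless the helper, which is not shown here, distinguishes writes from reads, a caller who can merely see an annotation can rewrite its value, access_id and owner_guid, and privileged code updates with no row-level check at all. A write path should make an explicit ownership or edit-permission check before the statement instead of reusing the visibility filter. delete_annotation and update_metadata are converted the same way in this commit. The function body starts outside this hunk.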
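Review bot: The added `echo "$query\n";` in front of the return in get_annotations (hunk at line 267) is leftover debugging and should be deleted before this lands. It prints the full SQL, including the table prefix, the resolved metastring ids and the access clause, into every response that lists annotations, which discloses schema and access-collection details to any visitor and can corrupt headers or non-HTML output. The line should read just `return get_data($query, "row_to_elggannotation");`. If the query needs inspecting, send it to the server log with `error_log($query);` instead.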
@@ -356,7 +358,6 @@ $entity_type = sanitise_string($entity_type); $entity_subtype = get_subtype_id($entity_type, $entity_subtype); $name = get_metastring_id($name); - $access = get_access_list(); $where = array(); @@ -375,7 +376,7 @@ $query = "SELECT $sum(ms.string) as sum from {$CONFIG->dbprefix}annotations a JOIN {$CONFIG->dbprefix}entities e on a.entity_guid = e.guid JOIN {$CONFIG->dbprefix}metastrings ms on a.value_id=ms.id WHERE "; foreach ($where as $w) $query .= " $w and "; - $query .= " (a.access_id in {$access} or (a.access_id = 0 and a.owner_guid = {$_SESSION['id']}))"; // now add access + $query .= get_access_sql_suffix("a"); // now add access $row = get_data_row($query); if ($row) @@ -395,9 +396,9 @@ $id = (int)$id; - $access = get_access_list(); + $access = get_access_sql_suffix(); - return delete_data("DELETE from {$CONFIG->dbprefix}annotations where id=$id and (access_id in {$access} or (access_id = 0 and owner_guid = {$_SESSION['id']}))"); + return delete_data("DELETE from {$CONFIG->dbprefix}annotations where id=$id and $access"); } /** diff --git a/engine/lib/entities.php b/engine/lib/entities.php index 3ae68a685..4507c2bb0 100644 --- a/engine/lib/entities.php +++ b/engine/lib/entities.php @@ -812,9 +812,9 @@ $guid = (int) $guid; - $access = get_access_list(); + $access = get_access_sql_suffix(); - return get_data_row("SELECT * from {$CONFIG->dbprefix}entities where guid=$guid and (access_id in {$access} or (access_id = 0 and owner_guid = {$_SESSION['id']}))"); + return get_data_row("SELECT * from {$CONFIG->dbprefix}entities where guid=$guid and $access"); } /** @@ -893,9 +893,7 @@ $site_guid = (int) $site_guid; if ($site_guid == 0) $site_guid = $CONFIG->site_guid; - - $access = get_access_list(); - + $where = array(); if ($type != "") 
@@ -923,7 +921,7 @@ } foreach ($where as $w) $query .= " $w and "; - $query .= " (access_id in {$access} or (access_id = 0 and owner_guid = {$_SESSION['id']}))"; // Add access controls + $query .= get_access_sql_suffix(); // Add access controls if (!$count) { $query .= " order by $order_by"; if ($limit) $query .= " limit $offset, $limit"; // Add order and limit diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php index dd678b599..798505288 100644 --- a/engine/lib/metadata.php +++ b/engine/lib/metadata.php @@ -130,9 +130,9 @@ global $CONFIG; $id = (int)$id; - $access = get_access_list(); + $access = get_access_sql_suffix("m"); - return row_to_elggmetadata(get_data_row("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.id=$id and (m.access_id in {$access} or (m.access_id = 0 and m.owner_guid = {$_SESSION['id']}))")); + return row_to_elggmetadata(get_data_row("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.id=$id and $access")); } /** @@ -238,7 +238,7 @@ $access_id = (int)$access_id; - $access = get_access_list(); + $access = get_access_sql_suffix(); // Add the metastring @@ -249,7 +249,7 @@ if (!$name) return false; // If ok then add it - return update_data("UPDATE {$CONFIG->dbprefix}metadata set value_id='$value', value_type='$value_type', access_id=$access_id, owner_guid=$owner_guid where id=$id and name_id='$name' and (access_id in {$access} or (access_id = 0 and owner_guid = {$_SESSION['id']}))"); + return update_data("UPDATE {$CONFIG->dbprefix}metadata set value_id='$value', value_type='$value_type', access_id=$access_id, owner_guid=$owner_guid where id=$id and name_id='$name' and $access"); } /** 
@@ -299,8 +299,8 @@ $meta_name = get_metastring_id($meta_name); $entity_guid = (int)$entity_guid; - $access = get_access_list(); - $result = get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and m.name_id='$meta_name' and (m.access_id in {$access} or (m.access_id = 0 and m.owner_guid = {$_SESSION['id']}))", "row_to_elggmetadata"); + $access = get_access_sql_suffix("m"); + $result = get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and m.name_id='$meta_name' and $access", "row_to_elggmetadata"); if (!$result) return false; @@ -320,9 +320,9 @@ global $CONFIG; $entity_guid = (int)$entity_guid; - $access = get_access_list(); + $access = get_access_sql_suffix("m"); - return get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and (m.access_id in {$access} or (m.access_id = 0 and m.owner_guid = {$_SESSION['id']}))", "row_to_elggmetadata"); + return get_data("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.entity_guid=$entity_guid and $access", "row_to_elggmetadata"); } /** @@ -353,7 +353,6 @@ if ($site_guid == 0) $site_guid = $CONFIG->site_guid; - $access = get_access_list(); $where = array(); 
@@ -371,7 +370,7 @@ $query = "SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}entities e JOIN {$CONFIG->dbprefix}metadata m on e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where"; foreach ($where as $w) $query .= " $w and "; - $query .= " (e.access_id in {$access} or (e.access_id = 0 and e.owner_guid = {$_SESSION['id']}))"; // Add access controls + $query .= get_access_sql_suffix("e"); // Add access controls $query .= " order by $order_by limit $offset, $limit"; // Add order and limit return get_data($query, "row_to_elggmetadata"); @@ -405,7 +404,7 @@ if ($site_guid == 0) $site_guid = $CONFIG->site_guid; - $access = get_access_list(); + //$access = get_access_list(); $where = array(); @@ -423,7 +422,7 @@ $query = "SELECT distinct e.* from {$CONFIG->dbprefix}entities e JOIN {$CONFIG->dbprefix}metadata m on e.guid = m.entity_guid where"; foreach ($where as $w) $query .= " $w and "; - $query .= " (e.access_id in {$access} or (e.access_id = 0 and e.owner_guid = {$_SESSION['id']}))"; // Add access controls + $query .= get_access_sql_suffix("e"); // Add access controls $query .= " order by $order_by limit $offset, $limit"; // Add order and limit return get_data($query, "entity_row_to_elggstar"); @@ -473,7 +472,7 @@ if ($site_guid == 0) $site_guid = $CONFIG->site_guid; - $access = get_access_list(); + //$access = get_access_list(); if ($entity_type!="") $where[] = "e.type = '{$entity_type}'"; @@ -485,7 +484,7 @@ $query = "SELECT distinct e.* from {$CONFIG->dbprefix}entities e {$join} where"; foreach ($where as $w) $query .= " $w and "; - $query .= " (e.access_id in {$access} or (e.access_id = 0 and e.owner_guid = {$_SESSION['id']}))"; // Add access controls + $query .= get_access_sql_suffix("e"); // Add access controls $query .= " order by $order_by limit $offset, $limit"; // Add order and limit return get_data($query, "entity_row_to_elggstar"); 
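Review bot: The query in the hunk at line 371 of metadata.php selects `m.*` metadata rows, but the access filter is `get_access_sql_suffix("e")`, so only the owning entity's access_id is checked and not the metadata row's. update_metadata in this same commit writes a per-row `access_id` on metadata, so an item marked more restrictive than its entity would apparently still be returned here. Consider filtering on both aliases, `$query .= get_access_sql_suffix("e") . " and " . get_access_sql_suffix("m");`, assuming the helper returns a self-contained expression. The removed inline clause had the same gap, and the function starts outside the hunk.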
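Review bot: `//$access = get_access_list();` is left behind as commented-out code in the hunk at line 405 of metadata.php, and again at line 473 of the same file and at line 443 of relationships.php. The other call sites in this commit delete the line outright. Remove these three lines too: nothing reads `$access` once the query appends get_access_sql_suffix("e"), and version control already keeps the old statement.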
diff --git a/engine/lib/relationships.php b/engine/lib/relationships.php index 0d21793a3..b5d5816a1 100644 --- a/engine/lib/relationships.php +++ b/engine/lib/relationships.php @@ -443,7 +443,7 @@ if ($site_guid == 0) $site_guid = $CONFIG->site_guid; - $access = get_access_list(); + //$access = get_access_list(); $where = array(); @@ -473,7 +473,7 @@ $query .= " from {$CONFIG->dbprefix}entity_relationships r JOIN {$CONFIG->dbprefix}entities e on $joinon where "; foreach ($where as $w) $query .= " $w and "; - $query .= " (e.access_id in {$access} or (e.access_id = 0 and e.owner_guid = {$_SESSION['id']}))"; // Add access controls + $query .= get_access_sql_suffix("e"); // Add access controls if (!$count) { $query .= " order by $order_by limit $offset, $limit"; // Add order and limit return get_data($query, "entity_row_to_elggstar"); -- cgit v1.2.3