-rw-r--r--admin/themes/default/template/user_list.tpl3
-rw-r--r--admin/user_list_backend.php26
-rw-r--r--include/ws_functions/pwg.permissions.php18
-rw-r--r--include/ws_functions/pwg.users.php10
4 files changed, 32 insertions, 25 deletions
diff --git a/admin/themes/default/template/user_list.tpl b/admin/themes/default/template/user_list.tpl
index 1f86c2a83..eb6570ef6 100644
--- a/admin/themes/default/template/user_list.tpl
+++ b/admin/themes/default/template/user_list.tpl
@@ -205,7 +205,7 @@ jQuery(document).ready(function() {
userDetails += '<br><select multiple class="chzn-select" style="width:340px;" name="group_id[]">';
jQuery("#action select[name=associate] option").each(function() {
var selected = '';
- if (user.groups.indexOf(jQuery(this).val()) != -1) {
+ if (user.groups.indexOf( parseInt(jQuery(this).val()) ) != -1) {
selected = ' selected="selected"';
}
userDetails += '<option value="'+jQuery(this).val()+'"'+selected+'>'+jQuery(this).html()+'</option>';
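Review bot: The added `parseInt(jQuery(this).val())` has no radix, and the comparison now depends silently on `user.groups` holding numbers rather than strings. Passing the base explicitly keeps the parse unambiguous: `if (user.groups.indexOf(parseInt(jQuery(this).val(), 10)) != -1) {`. A short comment that the group ids are compared as integers because pwg.users.php casts them with `intval()` in this same commit would explain why the cast is here. The enclosing `.each()` callback continues past the end of the hunk.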
@@ -553,6 +553,7 @@ jQuery(document).ready(function() {
"bDeferRender": true,
"bProcessing": true,
"bServerSide": true,
+ "sServerMethod": "POST",
"sAjaxSource": "admin/user_list_backend.php",
"oLanguage": {
"sProcessing": "{/literal}{'Loading...'|translate|escape:'javascript'}{literal}",
diff --git a/admin/user_list_backend.php b/admin/user_list_backend.php
index 1a2509c6a..8bafde6df 100644
--- a/admin/user_list_backend.php
+++ b/admin/user_list_backend.php
@@ -28,25 +28,25 @@ $sTable = USERS_TABLE.' INNER JOIN '.USER_INFOS_TABLE.' AS ui ON id = ui.user_id
* Paging
*/
$sLimit = "";
-if ( isset( $_GET['iDisplayStart'] ) && $_GET['iDisplayLength'] != '-1' )
+if ( isset( $_REQUEST['iDisplayStart'] ) && $_REQUEST['iDisplayLength'] != '-1' )
{
- $sLimit = "LIMIT ".pwg_db_real_escape_string( $_GET['iDisplayStart'] ).", ".
- pwg_db_real_escape_string( $_GET['iDisplayLength'] );
+ $sLimit = "LIMIT ".pwg_db_real_escape_string( $_REQUEST['iDisplayStart'] ).", ".
+ pwg_db_real_escape_string( $_REQUEST['iDisplayLength'] );
}
/*
* Ordering
*/
-if ( isset( $_GET['iSortCol_0'] ) )
+if ( isset( $_REQUEST['iSortCol_0'] ) )
{
$sOrder = "ORDER BY ";
- for ( $i=0 ; $i<intval( $_GET['iSortingCols'] ) ; $i++ )
+ for ( $i=0 ; $i<intval( $_REQUEST['iSortingCols'] ) ; $i++ )
{
- if ( $_GET[ 'bSortable_'.intval($_GET['iSortCol_'.$i]) ] == "true" )
+ if ( $_REQUEST[ 'bSortable_'.intval($_REQUEST['iSortCol_'.$i]) ] == "true" )
{
- $sOrder .= $aColumns[ intval( $_GET['iSortCol_'.$i] ) ]."
- ".pwg_db_real_escape_string( $_GET['sSortDir_'.$i] ) .", ";
+ $sOrder .= $aColumns[ intval( $_REQUEST['iSortCol_'.$i] ) ]."
+ ".pwg_db_real_escape_string( $_REQUEST['sSortDir_'.$i] ) .", ";
}
}
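Review bot: The values placed after `LIMIT` and after the column name in `ORDER BY` are unquoted SQL tokens, so `pwg_db_real_escape_string()` does not constrain them; escaping only protects a value inside a quoted string literal. Cast the paging values instead, `$sLimit = "LIMIT ".intval($_REQUEST['iDisplayStart']).", ".intval($_REQUEST['iDisplayLength']);`, and map the direction onto a fixed keyword, `$sDir = (strtolower($_REQUEST['sSortDir_'.$i]) === 'desc') ? 'DESC' : 'ASC';`. `$_REQUEST['iDisplayLength']` is also read without an `isset()` check, and `$aColumns[ intval(...) ]` is indexed without confirming the index exists. The ordering block continues past the end of this hunk.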
@@ -65,12 +65,12 @@ if ( isset( $_GET['iSortCol_0'] ) )
* on very large tables, and MySQL's regex functionality is very limited
*/
$sWhere = "";
-if ( $_GET['sSearch'] != "" )
+if ( $_REQUEST['sSearch'] != "" )
{
$sWhere = "WHERE (";
for ( $i=0 ; $i<count($aColumns) ; $i++ )
{
- $sWhere .= $aColumns[$i]." LIKE '%".pwg_db_real_escape_string( $_GET['sSearch'] )."%' OR ";
+ $sWhere .= $aColumns[$i]." LIKE '%".pwg_db_real_escape_string( $_REQUEST['sSearch'] )."%' OR ";
}
$sWhere = substr_replace( $sWhere, "", -3 );
$sWhere .= ')';
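Review bot: Reading `$_REQUEST` here, and in the paging, ordering, column-filter and `sEcho` hunks of this file, accepts the parameters from the query string as well as the request body, and from cookies too if `request_order` includes them, even though the template in this commit now sends them by POST. If GET compatibility is not required, `$_POST['sSearch']` states the expected source; whether other callers still use GET is not visible here. `$_REQUEST['sSearch']` is also compared without `isset()`, so a request that omits it raises an undefined-index notice: `if ( isset($_REQUEST['sSearch']) && $_REQUEST['sSearch'] != "" )`.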
@@ -79,7 +79,7 @@ if ( $_GET['sSearch'] != "" )
/* Individual column filtering */
for ( $i=0 ; $i<count($aColumns) ; $i++ )
{
- if ( $_GET['bSearchable_'.$i] == "true" && $_GET['sSearch_'.$i] != '' )
+ if ( $_REQUEST['bSearchable_'.$i] == "true" && $_REQUEST['sSearch_'.$i] != '' )
{
if ( $sWhere == "" )
{
@@ -89,7 +89,7 @@ for ( $i=0 ; $i<count($aColumns) ; $i++ )
{
$sWhere .= " AND ";
}
- $sWhere .= $aColumns[$i]." LIKE '%".pwg_db_real_escape_string($_GET['sSearch_'.$i])."%' ";
+ $sWhere .= $aColumns[$i]." LIKE '%".pwg_db_real_escape_string($_REQUEST['sSearch_'.$i])."%' ";
}
}
@@ -129,7 +129,7 @@ $iTotal = $aResultTotal[0];
* Output
*/
$output = array(
- "sEcho" => intval($_GET['sEcho']),
+ "sEcho" => intval($_REQUEST['sEcho']),
"iTotalRecords" => $iTotal,
"iTotalDisplayRecords" => $iFilteredTotal,
"aaData" => array()
diff --git a/include/ws_functions/pwg.permissions.php b/include/ws_functions/pwg.permissions.php
index 67fc80f9f..89e120721 100644
--- a/include/ws_functions/pwg.permissions.php
+++ b/include/ws_functions/pwg.permissions.php
@@ -57,9 +57,9 @@ SELECT user_id, cat_id
{
if (!isset($perms[ $row['cat_id'] ]))
{
- $perms[ $row['cat_id'] ]['id'] = $row['cat_id'];
+ $perms[ $row['cat_id'] ]['id'] = intval($row['cat_id']);
}
- $perms[ $row['cat_id'] ]['users'][] = $row['user_id'];
+ $perms[ $row['cat_id'] ]['users'][] = intval($row['user_id']);
}
// indirect users
@@ -76,9 +76,9 @@ SELECT ug.user_id, ga.cat_id
{
if (!isset($perms[ $row['cat_id'] ]))
{
- $perms[ $row['cat_id'] ]['id'] = $row['cat_id'];
+ $perms[ $row['cat_id'] ]['id'] = intval($row['cat_id']);
}
- $perms[ $row['cat_id'] ]['users_indirect'][] = $row['user_id'];
+ $perms[ $row['cat_id'] ]['users_indirect'][] = intval($row['user_id']);
}
// groups
@@ -93,9 +93,9 @@ SELECT group_id, cat_id
{
if (!isset($perms[ $row['cat_id'] ]))
{
- $perms[ $row['cat_id'] ]['id'] = $row['cat_id'];
+ $perms[ $row['cat_id'] ]['id'] = intval($row['cat_id']);
}
- $perms[ $row['cat_id'] ]['groups'][] = $row['group_id'];
+ $perms[ $row['cat_id'] ]['groups'][] = intval($row['group_id']);
}
// filter by group and user
@@ -120,9 +120,9 @@ SELECT group_id, cat_id
}
}
- $cat['groups'] = !empty($cat['groups']) ? array_unique($cat['groups']) : array();
- $cat['users'] = !empty($cat['users']) ? array_unique($cat['users']) : array();
- $cat['users_indirect'] = !empty($cat['users_indirect']) ? array_unique($cat['users_indirect']) : array();
+ $cat['groups'] = !empty($cat['groups']) ? array_values(array_unique($cat['groups'])) : array();
+ $cat['users'] = !empty($cat['users']) ? array_values(array_unique($cat['users'])) : array();
+ $cat['users_indirect'] = !empty($cat['users_indirect']) ? array_values(array_unique($cat['users_indirect'])) : array();
}
unset($cat);
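Review bot: The reason for wrapping `array_unique()` in `array_values()` on the three changed lines is not recorded, which makes the wrapper easy to remove by accident. `array_unique()` preserves the original keys, so once duplicates are dropped the list can have gaps; presumably the reindexing is there so the web-service output stays a plain sequential list. A one-line comment above the assignments would capture that: `// array_unique() keeps keys; reindex so each list stays sequential`. The enclosing loop starts outside this hunk.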
diff --git a/include/ws_functions/pwg.users.php b/include/ws_functions/pwg.users.php
index cbc988343..c63284d3e 100644
--- a/include/ws_functions/pwg.users.php
+++ b/include/ws_functions/pwg.users.php
@@ -167,7 +167,13 @@ SELECT DISTINCT ';
OFFSET '. ($params['per_page']*$params['page']) .'
;';
- $users = hash_from_query($query, 'id');
+ $users = array();
+ $result = pwg_query($query);
+ while ($row = pwg_db_fetch_assoc($result))
+ {
+ $row['id'] = intval($row['id']);
+ $users[ $row['id'] ] = $row;
+ }
if (count($users) > 0)
{
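Review bot: The loop that replaces `hash_from_query($query, 'id')` carries no comment saying why the helper was dropped, so a later cleanup could reasonably revert it. A line such as `// built by hand instead of hash_from_query() so ids are returned as integers` above `$users = array();` would keep the intent visible. The `OFFSET` in the context lines is concatenated from `$params['per_page']*$params['page']`; whether those parameters are validated as integers is decided outside this hunk and is worth confirming. The `if (count($users) > 0)` block continues beyond the hunk.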
@@ -182,7 +188,7 @@ SELECT user_id, group_id
while ($row = pwg_db_fetch_assoc($result))
{
- $users[ $row['user_id'] ]['groups'][] = $row['group_id'];
+ $users[ $row['user_id'] ]['groups'][] = intval($row['group_id']);
}
}