archive/piwigo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: allow adviser message was not allowing cookies to be sent

Browse source 
fix: cookie deletion on logout uses ini_get (on some systems
ini_set(cookie_path) is ignored)

bug 322: locked category is visible to all the users/groups that have been
assigned the permissions

git-svn-id: http://piwigo.org/svn/trunk@1117 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
rvelices 2006-04-01 01:24:21 +00:00
commit 7b4a6232ca
3 changed files with 24 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

1
include/common.inc.php
View file

@ -234,6 +234,7 @@ include(
if (is_adviser()) if (is_adviser())
{ {
ob_start();// buffer output so that cookies work
echo ' echo '
<div class="titrePage"> <div class="titrePage">
<h2> <h2>

43
include/functions_user.inc.php
View file

@ -300,23 +300,6 @@ SELECT id
array_push($private_array, $row['id']); array_push($private_array, $row['id']);
} }
// if user is not an admin, locked categories can be considered as private$
if (!is_admin($user_status))
{
$query = '
SELECT id
FROM '.CATEGORIES_TABLE.'
WHERE visible = \'false\'
;';
$result = pwg_query($query);
while ($row = mysql_fetch_array($result))
{
array_push($private_array, $row['id']);
}
$private_array = array_unique($private_array);
}
// retrieve category ids directly authorized to the user // retrieve category ids directly authorized to the user
$query = ' $query = '
SELECT cat_id SELECT cat_id
@ -345,10 +328,28 @@ SELECT cat_id
// only unauthorized private categories are forbidden // only unauthorized private categories are forbidden
$forbidden_array = array_diff($private_array, $authorized_array); $forbidden_array = array_diff($private_array, $authorized_array);
// at least, the list contains -1 values. This category does not exists so // if user is not an admin, locked categories are forbidden
// where clauses such as "WHERE category_id NOT IN(-1)" will always be if (!is_admin($user_status))
// true. {
array_push($forbidden_array, '-1'); $query = '
SELECT id
FROM '.CATEGORIES_TABLE.'
WHERE visible = \'false\'
;';
$result = pwg_query($query);
while ($row = mysql_fetch_array($result))
{
array_push($forbidden_array, $row['id']);
}
$forbidden_array = array_unique($forbidden_array);
}
if ( empty($forbidden_array) )
{// at least, the list contains -1 values. This category does not exists so
// where clauses such as "WHERE category_id NOT IN(-1)" will always be
// true.
array_push($forbidden_array, '-1');
}
return implode(',', $forbidden_array); return implode(',', $forbidden_array);
} }

2
index.php
View file

@ -44,7 +44,7 @@ if ( isset( $_GET['act'] )
$_SESSION = array(); $_SESSION = array();
session_unset(); session_unset();
session_destroy(); session_destroy();
setcookie(session_name(),'',0, cookie_path() ); setcookie(session_name(),'',0, ini_get('session.cookie_path') );
redirect( make_index_url() ); redirect( make_index_url() );
} }