diff options
| author | rvelices <rv-github@modusoptimus.com> | 2006-04-01 01:24:21 +0000 |
|---|---|---|
| committer | rvelices <rv-github@modusoptimus.com> | 2006-04-01 01:24:21 +0000 |
| commit | 7b4a6232cac2d23d2aecf7aeca06643429e1805d (patch) | |
| tree | 98995f6dcd6d6e924c34fbbf9e09d6724e473090 | |
| parent | 324f3c4279ee0d1ff24e297535f5a62cc777ace1 (diff) | |
fix: allow adviser message was not allowing cookies to be sent
fix: cookie deletion on logout uses ini_get (on some systems
ini_set(cookie_path) is ignored)
bug 322: locked category is visible to all the users/groups that have been
assigned the permissions
git-svn-id: http://piwigo.org/svn/trunk@1117 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
| -rw-r--r-- | include/common.inc.php | 1 | ||||
| -rw-r--r-- | include/functions_user.inc.php | 43 | ||||
| -rw-r--r-- | index.php | 2 |
3 files changed, 24 insertions, 22 deletions
diff --git a/include/common.inc.php b/include/common.inc.php index 2b7757819..42697353e 100644 --- a/include/common.inc.php +++ b/include/common.inc.php @@ -234,6 +234,7 @@ include( if (is_adviser()) { + ob_start();// buffer output so that cookies work echo ' <div class="titrePage"> <h2> diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index c1e601aeb..cfa4d53aa 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -300,23 +300,6 @@ SELECT id array_push($private_array, $row['id']); } - // if user is not an admin, locked categories can be considered as private$ - if (!is_admin($user_status)) - { - $query = ' -SELECT id - FROM '.CATEGORIES_TABLE.' - WHERE visible = \'false\' -;'; - $result = pwg_query($query); - while ($row = mysql_fetch_array($result)) - { - array_push($private_array, $row['id']); - } - - $private_array = array_unique($private_array); - } - // retrieve category ids directly authorized to the user $query = ' SELECT cat_id @@ -345,10 +328,28 @@ SELECT cat_id // only unauthorized private categories are forbidden $forbidden_array = array_diff($private_array, $authorized_array); - // at least, the list contains -1 values. This category does not exists so - // where clauses such as "WHERE category_id NOT IN(-1)" will always be - // true. - array_push($forbidden_array, '-1'); + // if user is not an admin, locked categories are forbidden + if (!is_admin($user_status)) + { + $query = ' +SELECT id + FROM '.CATEGORIES_TABLE.' + WHERE visible = \'false\' +;'; + $result = pwg_query($query); + while ($row = mysql_fetch_array($result)) + { + array_push($forbidden_array, $row['id']); + } + $forbidden_array = array_unique($forbidden_array); + } + + if ( empty($forbidden_array) ) + {// at least, the list contains -1 values. This category does not exists so + // where clauses such as "WHERE category_id NOT IN(-1)" will always be + // true. + array_push($forbidden_array, '-1'); + } return implode(',', $forbidden_array); } @@ -44,7 +44,7 @@ if ( isset( $_GET['act'] ) $_SESSION = array(); session_unset(); session_destroy(); - setcookie(session_name(),'',0, cookie_path() ); + setcookie(session_name(),'',0, ini_get('session.cookie_path') ); redirect( make_index_url() ); } |