aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--admin/themes/default/template/user_list.tpl3
-rw-r--r--admin/user_list_backend.php26
-rw-r--r--include/ws_functions/pwg.permissions.php18
-rw-r--r--include/ws_functions/pwg.users.php10
4 files changed, 32 insertions, 25 deletions
diff --git a/admin/themes/default/template/user_list.tpl b/admin/themes/default/template/user_list.tpl
index 1f86c2a83..eb6570ef6 100644
--- a/admin/themes/default/template/user_list.tpl
+++ b/admin/themes/default/template/user_list.tpl
@@ -205,7 +205,7 @@ jQuery(document).ready(function() {
userDetails += '<br><select multiple class="chzn-select" style="width:340px;" name="group_id[]">';
jQuery("#action select[name=associate] option").each(function() {
var selected = '';
- if (user.groups.indexOf(jQuery(this).val()) != -1) {
+ if (user.groups.indexOf( parseInt(jQuery(this).val()) ) != -1) {
selected = ' selected="selected"';
}
userDetails += '<option value="'+jQuery(this).val()+'"'+selected+'>'+jQuery(this).html()+'</option>';
@@ -553,6 +553,7 @@ jQuery(document).ready(function() {
"bDeferRender": true,
"bProcessing": true,
"bServerSide": true,
+ "sServerMethod": "POST",
"sAjaxSource": "admin/user_list_backend.php",
"oLanguage": {
"sProcessing": "{/literal}{'Loading...'|translate|escape:'javascript'}{literal}",
diff --git a/admin/user_list_backend.php b/admin/user_list_backend.php
index 1a2509c6a..8bafde6df 100644
--- a/admin/user_list_backend.php
+++ b/admin/user_list_backend.php
@@ -28,25 +28,25 @@ $sTable = USERS_TABLE.' INNER JOIN '.USER_INFOS_TABLE.' AS ui ON id = ui.user_id
* Paging
*/
$sLimit = "";
-if ( isset( $_GET['iDisplayStart'] ) && $_GET['iDisplayLength'] != '-1' )
+if ( isset( $_REQUEST['iDisplayStart'] ) && $_REQUEST['iDisplayLength'] != '-1' )
{
- $sLimit = "LIMIT ".pwg_db_real_escape_string( $_GET['iDisplayStart'] ).", ".
- pwg_db_real_escape_string( $_GET['iDisplayLength'] );
+ $sLimit = "LIMIT ".pwg_db_real_escape_string( $_REQUEST['iDisplayStart'] ).", ".
+ pwg_db_real_escape_string( $_REQUEST['iDisplayLength'] );
}
/*
* Ordering
*/
-if ( isset( $_GET['iSortCol_0'] ) )
+if ( isset( $_REQUEST['iSortCol_0'] ) )
{
$sOrder = "ORDER BY ";
- for ( $i=0 ; $i<intval( $_GET['iSortingCols'] ) ; $i++ )
+ for ( $i=0 ; $i<intval( $_REQUEST['iSortingCols'] ) ; $i++ )
{
- if ( $_GET[ 'bSortable_'.intval($_GET['iSortCol_'.$i]) ] == "true" )
+ if ( $_REQUEST[ 'bSortable_'.intval($_REQUEST['iSortCol_'.$i]) ] == "true" )
{
- $sOrder .= $aColumns[ intval( $_GET['iSortCol_'.$i] ) ]."
- ".pwg_db_real_escape_string( $_GET['sSortDir_'.$i] ) .", ";
+ $sOrder .= $aColumns[ intval( $_REQUEST['iSortCol_'.$i] ) ]."
+ ".pwg_db_real_escape_string( $_REQUEST['sSortDir_'.$i] ) .", ";
}
}
@@ -65,12 +65,12 @@ if ( isset( $_GET['iSortCol_0'] ) )
* on very large tables, and MySQL's regex functionality is very limited
*/
$sWhere = "";
-if ( $_GET['sSearch'] != "" )
+if ( $_REQUEST['sSearch'] != "" )
{
$sWhere = "WHERE (";
for ( $i=0 ; $i<count($aColumns) ; $i++ )
{
- $sWhere .= $aColumns[$i]." LIKE '%".pwg_db_real_escape_string( $_GET['sSearch'] )."%' OR ";
+ $sWhere .= $aColumns[$i]." LIKE '%".pwg_db_real_escape_string( $_REQUEST['sSearch'] )."%' OR ";
}
$sWhere = substr_replace( $sWhere, "", -3 );
$sWhere .= ')';
@@ -79,7 +79,7 @@ if ( $_GET['sSearch'] != "" )
/* Individual column filtering */
for ( $i=0 ; $i<count($aColumns) ; $i++ )
{
- if ( $_GET['bSearchable_'.$i] == "true" && $_GET['sSearch_'.$i] != '' )
+ if ( $_REQUEST['bSearchable_'.$i] == "true" && $_REQUEST['sSearch_'.$i] != '' )
{
if ( $sWhere == "" )
{
@@ -89,7 +89,7 @@ for ( $i=0 ; $i<count($aColumns) ; $i++ )
{
$sWhere .= " AND ";
}
- $sWhere .= $aColumns[$i]." LIKE '%".pwg_db_real_escape_string($_GET['sSearch_'.$i])."%' ";
+ $sWhere .= $aColumns[$i]." LIKE '%".pwg_db_real_escape_string($_REQUEST['sSearch_'.$i])."%' ";
}
}
@@ -129,7 +129,7 @@ $iTotal = $aResultTotal[0];
* Output
*/
$output = array(
- "sEcho" => intval($_GET['sEcho']),
+ "sEcho" => intval($_REQUEST['sEcho']),
"iTotalRecords" => $iTotal,
"iTotalDisplayRecords" => $iFilteredTotal,
"aaData" => array()
diff --git a/include/ws_functions/pwg.permissions.php b/include/ws_functions/pwg.permissions.php
index 67fc80f9f..89e120721 100644
--- a/include/ws_functions/pwg.permissions.php
+++ b/include/ws_functions/pwg.permissions.php
@@ -57,9 +57,9 @@ SELECT user_id, cat_id
{
if (!isset($perms[ $row['cat_id'] ]))
{
- $perms[ $row['cat_id'] ]['id'] = $row['cat_id'];
+ $perms[ $row['cat_id'] ]['id'] = intval($row['cat_id']);
}
- $perms[ $row['cat_id'] ]['users'][] = $row['user_id'];
+ $perms[ $row['cat_id'] ]['users'][] = intval($row['user_id']);
}
// indirect users
@@ -76,9 +76,9 @@ SELECT ug.user_id, ga.cat_id
{
if (!isset($perms[ $row['cat_id'] ]))
{
- $perms[ $row['cat_id'] ]['id'] = $row['cat_id'];
+ $perms[ $row['cat_id'] ]['id'] = intval($row['cat_id']);
}
- $perms[ $row['cat_id'] ]['users_indirect'][] = $row['user_id'];
+ $perms[ $row['cat_id'] ]['users_indirect'][] = intval($row['user_id']);
}
// groups
@@ -93,9 +93,9 @@ SELECT group_id, cat_id
{
if (!isset($perms[ $row['cat_id'] ]))
{
- $perms[ $row['cat_id'] ]['id'] = $row['cat_id'];
+ $perms[ $row['cat_id'] ]['id'] = intval($row['cat_id']);
}
- $perms[ $row['cat_id'] ]['groups'][] = $row['group_id'];
+ $perms[ $row['cat_id'] ]['groups'][] = intval($row['group_id']);
}
// filter by group and user
@@ -120,9 +120,9 @@ SELECT group_id, cat_id
}
}
- $cat['groups'] = !empty($cat['groups']) ? array_unique($cat['groups']) : array();
- $cat['users'] = !empty($cat['users']) ? array_unique($cat['users']) : array();
- $cat['users_indirect'] = !empty($cat['users_indirect']) ? array_unique($cat['users_indirect']) : array();
+ $cat['groups'] = !empty($cat['groups']) ? array_values(array_unique($cat['groups'])) : array();
+ $cat['users'] = !empty($cat['users']) ? array_values(array_unique($cat['users'])) : array();
+ $cat['users_indirect'] = !empty($cat['users_indirect']) ? array_values(array_unique($cat['users_indirect'])) : array();
}
unset($cat);
diff --git a/include/ws_functions/pwg.users.php b/include/ws_functions/pwg.users.php
index cbc988343..c63284d3e 100644
--- a/include/ws_functions/pwg.users.php
+++ b/include/ws_functions/pwg.users.php
@@ -167,7 +167,13 @@ SELECT DISTINCT ';
OFFSET '. ($params['per_page']*$params['page']) .'
;';
- $users = hash_from_query($query, 'id');
+ $users = array();
+ $result = pwg_query($query);
+ while ($row = pwg_db_fetch_assoc($result))
+ {
+ $row['id'] = intval($row['id']);
+ $users[ $row['id'] ] = $row;
+ }
if (count($users) > 0)
{
@@ -182,7 +188,7 @@ SELECT user_id, group_id
while ($row = pwg_db_fetch_assoc($result))
{
- $users[ $row['user_id'] ]['groups'][] = $row['group_id'];
+ $users[ $row['user_id'] ]['groups'][] = intval($row['group_id']);
}
}