From b29dab42eab7c64ca1945eb70fa7713f8898f6ae Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?=
Date: Thu, 12 Mar 2009 19:25:24 +0000
Subject: [PATCH] Fixes/rewrites for missing sql_patches and check on admin's default access mode (allow/deny)
---
 inc/functions.php | 4 +++-
 inc/libs/admins_functions.php | 14 ++++++++------
 inc/libs/user_functions.php | 2 +-
 inc/modules/admin/admin-inc.php | 2 +-
 inc/mysql-manager.php | 6 +++++-
 5 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/inc/functions.php b/inc/functions.php
index 9daec4f80d..c875a91aee 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -2832,9 +2832,11 @@ function GENERATE_AID_LINK ($aid) {
 $admin = "{--ADMIN_NO_ADMIN_ASSIGNED--}";
 // Zero? = Not assigned
- if ($aid > 0) {
+ if (bigintval($aid) > 0) {
 // Load admin's login
 $login = GET_ADMIN_LOGIN($aid);
+
+ // Is the login valid?
 if ($login != "***") {
 // Is the extension there?
 if (EXT_IS_ACTIVE("admins")) {
diff --git a/inc/libs/admins_functions.php b/inc/libs/admins_functions.php
index c0d4c13023..a981f8d148 100644
--- a/inc/libs/admins_functions.php
+++ b/inc/libs/admins_functions.php
@@ -115,26 +115,28 @@ function ADMINS_CHECK_ACL($act, $wht) {
 } // END - if
 // Return value
+ //* DEBUG: */ print __FUNCTION__."[".__LINE__."]:act={$act},wht={$wht},default={$default},acl_mode={$acl_mode}
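Review bot: In GENERATE_AID_LINK the new guard passes `$aid` through `bigintval()` only for the comparison, while the unchanged call `GET_ADMIN_LOGIN($aid)` two lines later still receives the original value. If the intent is to treat `$aid` as an integer, normalise it once before the check with `$aid = bigintval($aid);` and then test `if ($aid > 0) {`, so the guard and the lookup see the same value. What `bigintval()` does with non-numeric input is not visible here, and the function body continues past the end of the hunk.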
\n";
 return $ret;
 }
 // Create email link to admins's account
 function ADMINS_CREATE_EMAIL_LINK ($email, $mod="admin") {
- if (strpos("@", $email) > 0) {
+ // Is it an email?
+ if (strpos($email, "@") !== false) {
 // Create email link
- $result = SQL_QUERY_ESC("SELECT id
+ $result = SQL_QUERY_ESC("SELECT `id`
 FROM `{!_MYSQL_PREFIX!}_admins`
-WHERE email='%s' LIMIT 1",
+WHERE `email`='%s' LIMIT 1",
 array($email), __FUNCTION__, __LINE__);
 // Is there an entry?
 if (SQL_NUMROWS($result) == 1) {
 // Load userid
- list($uid) = SQL_FETCHROW($result);
+ list($aid) = SQL_FETCHROW($result);
 // Rewrite email address to contact link
- $email = "{!URL!}/modules.php?module=".$mod."&what=user_contct&uid=".bigintval($uid);
- }
+ $email = "{!URL!}/modules.php?module=".$mod."&what=admins_contct&admin=".bigintval($aid);
+ } // END - if
 // Free memory
 SQL_FREERESULT($result);
diff --git a/inc/libs/user_functions.php b/inc/libs/user_functions.php
index 18038d7112..8e913f21ae 100644
--- a/inc/libs/user_functions.php
+++ b/inc/libs/user_functions.php
@@ -204,7 +204,7 @@ function USER_CREATE_EMAIL_LINK($email, $mod="admin") {
 $result = SQL_QUERY_ESC("SELECT userid
 FROM `{!_MYSQL_PREFIX!}_user_data`
-WHERE email='%s'".$locked." LIMIT 1",
+WHERE `email`='%s'".$locked." LIMIT 1",
 array($email), __FUNCTION__, __LINE__);
 if (SQL_NUMROWS($result) == 1) {
 // Load userid
diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php
index 5efb6f5597..f0aff19e6a 100644
--- a/inc/modules/admin/admin-inc.php
+++ b/inc/modules/admin/admin-inc.php
@@ -946,7 +946,7 @@ function ADMIN_BUILD_STATUS_HANDLER ($mode, $IDs, $table, $columns, $filterFunct
 } // END - foreach
 // Finish SQL statement
- $sql = substr($sql, 0, -1) . sprintf(" WHERE %s=%s AND %s='%s' LIMIT 1",
+ $sql = substr($sql, 0, -1) . sprintf(" WHERE `%s`=%s AND `%s`='%s' LIMIT 1",
 $idColumn,
 bigintval($id),
 $statusColumn,
diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php
index 111c65c3ef..db3015241a 100644
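Review bot: The rewritten contact link in ADMINS_CREATE_EMAIL_LINK still concatenates `$mod` into the query string unencoded, so the result is well-formed only if every caller passes a plain module name; the callers are not visible in this hunk. Encoding at the point of use removes that dependency: `$email = "{!URL!}/modules.php?module=".rawurlencode($mod)."&what=admins_contct&admin=".bigintval($aid);`. The parameters are joined with a bare `&`, so whatever prints this value into HTML has to escape it there. The added `//* DEBUG: */ print` line in ADMINS_CHECK_ACL would write ACL state into the page if its leading slash were removed, and is better left out of the commit. The function's closing lines are outside the hunk.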
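Review bot: Wrapping `$idColumn` and `$statusColumn` in backticks in ADMIN_BUILD_STATUS_HANDLER quotes the identifiers but does not validate them, because a name containing a backtick would still end the quoting inside the `sprintf()` format. Where these names come from is not visible in the hunk; if request data can influence them, reject anything that does not match `/^[a-zA-Z0-9_]+$/` before the statement is built. The argument that fills `'%s'` lies after the last line shown, so whether it is escaped cannot be confirmed from here.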
--- a/inc/mysql-manager.php
+++ b/inc/mysql-manager.php
@@ -1472,7 +1472,11 @@ function GET_ADMIN_DEFAULT_ACL ($aid) {
 // By default an invalid ACL value is returned
 $ret = "***";
- if (isset($GLOBALS['cache_array']['admins']['def_acl'][$aid])) {
+ // Is sql_patches there and was it found in cache?
+ if (!EXT_IS_ACTIVE("sql_patches")) {
+ // Not found, which is bad, so we need to allow all
+ $ret = "allow";
+ } elseif (isset($GLOBALS['cache_array']['admins']['def_acl'][$aid])) {
 // Use cache
 $ret = $GLOBALS['cache_array']['admins']['def_acl'][$aid];
-- 
2.39.5
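Review bot: The new first branch in GET_ADMIN_DEFAULT_ACL fails open: whenever `EXT_IS_ACTIVE("sql_patches")` is false, every `$aid` gets `allow` as its default access mode, including ids that would otherwise keep the invalid `***` value because they are not in the cache. An authorization default that widens access when a component is missing deserves an explicit justification, and a narrower condition if one exists. If this is meant only for the period before the extension is installed, say so in the comment, for example `// Fail-open on purpose: without sql_patches no per-admin default exists yet`, and consider logging when this branch is taken. If it is not tied to that case, `$ret = "deny";` is the safer default, provided it does not lock admins out during setup, which cannot be judged from this hunk. The rest of the function lies outside the hunk.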