fix: allow adviser message was not allowing cookies to be sent

fix: cookie deletion on logout uses ini_get (on some systems ini_set(cookie_path) is ignored) bug 322: locked category is visible to all the users/groups that have been assigned the permissions git-svn-id: http://piwigo.org/svn/trunk@1117 68402e56-0260-453c-a942-63ccdbb3a9ee
Piwigo · Apr 1, 2006 · 7b4a623 · 7b4a623
1 parent 324f3c4
commit 7b4a623
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 22 deletions.
diff --git a/include/common.inc.php b/include/common.inc.php
@@ -234,6 +234,7 @@
 
 if (is_adviser())
 {
+  ob_start();// buffer output so that cookies work
   echo '
   <div class="titrePage">
     <h2>

diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
@@ -300,23 +300,6 @@ function calculate_permissions($user_id, $user_status)
     array_push($private_array, $row['id']);
   }
 
-  // if user is not an admin, locked categories can be considered as private$
-  if (!is_admin($user_status))
-  {
-    $query = '
-SELECT id
-  FROM '.CATEGORIES_TABLE.'
-  WHERE visible = \'false\'
-;';
-    $result = pwg_query($query);
-    while ($row = mysql_fetch_array($result))
-    {
-      array_push($private_array, $row['id']);
-    }
-
-    $private_array = array_unique($private_array);
-  }
-
   // retrieve category ids directly authorized to the user
   $query = '
 SELECT cat_id
@@ -345,10 +328,28 @@ function calculate_permissions($user_id, $user_status)
   // only unauthorized private categories are forbidden
   $forbidden_array = array_diff($private_array, $authorized_array);
 
-  // at least, the list contains -1 values. This category does not exists so
-  // where clauses such as "WHERE category_id NOT IN(-1)" will always be
-  // true.
-  array_push($forbidden_array, '-1');
+  // if user is not an admin, locked categories are forbidden
+  if (!is_admin($user_status))
+  {
+    $query = '
+SELECT id
+  FROM '.CATEGORIES_TABLE.'
+  WHERE visible = \'false\'
+;';
+    $result = pwg_query($query);
+    while ($row = mysql_fetch_array($result))
+    {
+      array_push($forbidden_array, $row['id']);
+    }
+    $forbidden_array = array_unique($forbidden_array);
+  }
+
+  if ( empty($forbidden_array) )
+  {// at least, the list contains -1 values. This category does not exists so
+   // where clauses such as "WHERE category_id NOT IN(-1)" will always be
+   // true.
+    array_push($forbidden_array, '-1');
+  }
 
   return implode(',', $forbidden_array);
 }

diff --git a/index.php b/index.php
@@ -44,7 +44,7 @@
   $_SESSION = array();
   session_unset();
   session_destroy();
-  setcookie(session_name(),'',0, cookie_path() );
+  setcookie(session_name(),'',0, ini_get('session.cookie_path') );
   redirect( make_index_url() );
 }