Changeset 1117


Ignore:
Timestamp:
Apr 1, 2006, 3:24:21 AM (18 years ago)
Author:
rvelices
Message:

fix: allow adviser message was not allowing cookies to be sent

fix: cookie deletion on logout uses ini_get (on some systems
ini_set(cookie_path) is ignored)

bug 322: locked category is visible to all the users/groups that have been
assigned the permissions

Location:
trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • trunk/include/common.inc.php

    r1092 r1117  
    235235if (is_adviser())
    236236{
     237  ob_start();// buffer output so that cookies work
    237238  echo '
    238239  <div class="titrePage">

  • trunk/include/functions_user.inc.php

    r1113 r1117  
    301301  }
    302302
    303   // if user is not an admin, locked categories can be considered as private$
    304   if (!is_admin($user_status))
    305   {
    306     $query = '
    307 SELECT id
    308   FROM '.CATEGORIES_TABLE.'
    309   WHERE visible = \'false\'
    310 ;';
    311     $result = pwg_query($query);
    312     while ($row = mysql_fetch_array($result))
    313     {
    314       array_push($private_array, $row['id']);
    315     }
    316 
    317     $private_array = array_unique($private_array);
    318   }
    319 
    320303  // retrieve category ids directly authorized to the user
    321304  $query = '
     
    346329  $forbidden_array = array_diff($private_array, $authorized_array);
    347330
    348   // at least, the list contains -1 values. This category does not exists so
    349   // where clauses such as "WHERE category_id NOT IN(-1)" will always be
    350   // true.
    351   array_push($forbidden_array, '-1');
     331  // if user is not an admin, locked categories are forbidden
     332  if (!is_admin($user_status))
     333  {
     334    $query = '
     335SELECT id
     336  FROM '.CATEGORIES_TABLE.'
     337  WHERE visible = \'false\'
     338;';
     339    $result = pwg_query($query);
     340    while ($row = mysql_fetch_array($result))
     341    {
     342      array_push($forbidden_array, $row['id']);
     343    }
     344    $forbidden_array = array_unique($forbidden_array);
     345  }
     346
     347  if ( empty($forbidden_array) )
     348  {// at least, the list contains -1 values. This category does not exists so
     349   // where clauses such as "WHERE category_id NOT IN(-1)" will always be
     350   // true.
     351    array_push($forbidden_array, '-1');
     352  }
    352353
    353354  return implode(',', $forbidden_array);

  • trunk/index.php

    r1113 r1117  
    4545  session_unset();
    4646  session_destroy();
    47   setcookie(session_name(),'',0, cookie_path() );
     47  setcookie(session_name(),'',0, ini_get('session.cookie_path') );
    4848  redirect( make_index_url() );
    4949}
Note: See TracChangeset for help on using the changeset viewer.