From aa4fb01e746883495181f3bbc3db5aef7697ddf4 Mon Sep 17 00:00:00 2001 From: "nils@teampass.net" Date: Sat, 30 Jan 2016 18:38:50 +0100 Subject: [PATCH 1/2] 2.1.25.2 Fix for case where an array could contain an empty value --- sources/main.functions.php | 2 +- sources/roles.queries.php | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/sources/main.functions.php b/sources/main.functions.php index 797ba2fec..f35991559 100644 --- a/sources/main.functions.php +++ b/sources/main.functions.php @@ -417,7 +417,7 @@ function identifyUserRights($groupesVisiblesUser, $groupesInterditsUser, $isAdmi "SELECT * FROM ".prefix_table("roles_title")." ORDER BY title ASC"); foreach ($rows as $record) { - if (!in_array($record['id'], $tmp)) { + if (!empty($record['id']) && !in_array($record['id'], $tmp)) { array_push($tmp, $record['id']); } } diff --git a/sources/roles.queries.php b/sources/roles.queries.php index 32d547e65..3e3066ee0 100644 --- a/sources/roles.queries.php +++ b/sources/roles.queries.php @@ -230,8 +230,8 @@ $previous = 1; //count nb of roles - if (empty($_SESSION['fonction_id'])) $where = ""; - else $where = " WHERE id IN (".str_replace(";", ",", $_SESSION['fonction_id']).")"; + if (empty($_SESSION['fonction_id'])) $where = ""; + else $where = " WHERE id IN (".array_filter(str_replace(";", ",", $_SESSION['fonction_id'])).")"; DB::query("SELECT * FROM ".prefix_table("roles_title").$where); $roles_count = DB::count(); if ($roles_count > $display_nb) { @@ -252,7 +252,7 @@ //Display table header $rows = DB::query( "SELECT * FROM ".prefix_table("roles_title"). - $where." + $where." ORDER BY title ASC".$sql_limit); foreach ($rows as $record) { if ($_SESSION['is_admin'] == 1 || ($_SESSION['user_manager'] == 1 && (in_array($record['id'], $my_functions) || $record['creator_id'] == $_SESSION['user_id']))) { From 8683593e7d18854b4008a135992318d14d0e2ba7 Mon Sep 17 00:00:00 2001 
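Review bot: The added `!empty($record['id'])` guard in the `foreach ($rows as $record)` loop of sources/main.functions.php only screens IDs read from `roles_title`; anything already in `$tmp` before the loop is left as it is, and how `$tmp` is seeded lies outside the hunk. If the empty entry the subject line refers to comes from splitting a `;`-separated string, it would survive this check, so `$tmp = array_filter($tmp);` ahead of the loop may be the more complete fix. `identifyUserRights` starts and ends outside this hunk, so this needs confirming against the rest of the function, which by its name decides what the user may access.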
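Review bot: `array_filter()` in the new `else $where = ...` line of the `@@ -230,8 +230,8 @@` hunk of sources/roles.queries.php receives the string returned by `str_replace()`, not an array. On the PHP versions of the time it returns null with a warning (a TypeError on PHP 8), so the clause becomes `WHERE id IN ()`; PATCH 2/2 replaces this line. In both versions the ID list is concatenated into the SQL text without being forced to integers, and how the `$_SESSION` values are populated is not visible here. Casting at the point of use keeps the list numeric whatever the session holds: `$ids = array_filter(array_map('intval', explode(';', $_SESSION['fonction_id'])));` then `implode(',', $ids)`, and likewise `implode(',', array_map('intval', $arrUserRoles))` in the `@@ -230,8 +230,9 @@` hunk of PATCH 2/2.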
From: "nils@teampass.net" Date: Sun, 31 Jan 2016 10:26:12 +0100 Subject: [PATCH 2/2] 2.1.25.2 Fix for #1179 --- sources/roles.queries.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/sources/roles.queries.php b/sources/roles.queries.php index 3e3066ee0..abbf4c071 100644 --- a/sources/roles.queries.php +++ b/sources/roles.queries.php @@ -230,8 +230,9 @@ $previous = 1; //count nb of roles - if (empty($_SESSION['fonction_id'])) $where = ""; - else $where = " WHERE id IN (".array_filter(str_replace(";", ",", $_SESSION['fonction_id'])).")"; + $arrUserRoles = array_filter($_SESSION['user_roles']); + if (count($arrUserRoles) == 0) $where = ""; + else $where = " WHERE id IN (".implode(',', $arrUserRoles).")"; DB::query("SELECT * FROM ".prefix_table("roles_title").$where); $roles_count = DB::count(); if ($roles_count > $display_nb) { @@ -247,7 +248,7 @@ } // array of roles for actual user - $my_functions = explode(';', $_SESSION['fonction_id']); + $my_functions = $arrUserRoles; //Display table header $rows = DB::query(
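Review bot: `array_filter($_SESSION['user_roles'])` in the `@@ -230,8 +230,9 @@` hunk assumes the session key is set and holds an array, whereas the line it replaces read the `;`-separated string in `$_SESSION['fonction_id']`; nothing visible in the patch guarantees that shape. With a missing or non-array value, `array_filter()` returns null on the PHP versions of the time, `count()` then yields 0 and `$where` becomes empty, so the count query runs over every role instead of the user's own. An explicit guard makes that case deliberate: `$arrUserRoles = (isset($_SESSION['user_roles']) && is_array($_SESSION['user_roles'])) ? array_filter($_SESSION['user_roles']) : array();`. The same variable is reused as `$my_functions` in the following hunk, so the guard covers the later `in_array()` check as well.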