mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-05-05 23:25:30 +02:00
Code Issues Releases Wiki Activity

Fix Bug #31845 - List hidden groups on viewprofile where the viewing user is also a member.

Browse Source 
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10392 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Andreas Fischer 2009-12-31 16:31:57 +00:00
parent 267692ad5c
commit a096b3d981
2 changed files with 36 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
phpBB/docs/CHANGELOG.html
View File

@ -129,6 +129,7 @@
<li>[Fix] Remove item limit from &quot;All forums&quot; feed.</li>
<li>[Fix] Do not use group colours for usernames on print view. (Bug #30315 - Patch by Pasqualle)</li>
<li>[Fix] Pagination of User Notes in MCP uses two different config values. (Bug #56025)</li>
<li>[Fix] List hidden groups on viewprofile where the viewing user is also a member. (Bug #31845)</li>
<li>[Change] Move redirect into a hidden field to avoid issues with mod_security. (Bug #54145)</li>
<li>[Change] Log activation through inactive users ACP. (Bug #30145)</li>
<li>[Change] Send time of last item instead of current time in ATOM Feeds. (Bug #53305)</li>

41
phpBB/memberlist.php
View File

@ -430,22 +430,51 @@ switch ($mode)
$user_id = (int) $member['user_id'];
// Get group memberships
// Also get visiting user's groups to determine hidden group memberships if necessary.
$auth_hidden_groups = ($user_id === (int) $user->data['user_id'] || $auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? true : false;
$sql_uid_ary = ($auth_hidden_groups) ? array($user_id) : array($user_id, (int) $user->data['user_id']);
// Do the SQL thang
$sql = 'SELECT g.group_id, g.group_name, g.group_type
FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . " ug
WHERE ug.user_id = $user_id
AND g.group_id = ug.group_id" . ((!$auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? ' AND g.group_type <> ' . GROUP_HIDDEN : '') . '
$sql = 'SELECT g.group_id, g.group_name, g.group_type, ug.user_id
FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug
WHERE ' . $db->sql_in_set('ug.user_id', $sql_uid_ary) . '
AND g.group_id = ug.group_id
AND ug.user_pending = 0
ORDER BY g.group_type, g.group_name';
$result = $db->sql_query($sql);
$group_options = '';
$profile_groups = $user_groups = array();
while ($row = $db->sql_fetchrow($result))
{
$group_options .= '<option value="' . $row['group_id'] . '"' . (($row['group_id'] == $member['group_id']) ? ' selected="selected"' : '') . '>' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>';
$row['user_id'] = (int) $row['user_id'];
$row['group_id'] = (int) $row['group_id'];
if ($row['user_id'] == $user_id)
{
$profile_groups[] = $row;
}
else
{
$user_groups[$row['group_id']] = $row['group_id'];
}
}
$db->sql_freeresult($result);
$group_options = '';
foreach ($profile_groups as $row)
{
// Skip over hidden groups the user cannot see
if (!$auth_hidden_groups && $row['group_type'] == GROUP_HIDDEN && !isset($user_groups[$row['group_id']]))
{
continue;
}
$group_options .= '<option value="' . $row['group_id'] . '"' . (($row['group_id'] == $member['group_id']) ? ' selected="selected"' : '') . '>' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>';
}
unset($profile_groups);
unset($user_groups);
// What colour is the zebra
$sql = 'SELECT friend, foe
FROM ' . ZEBRA_TABLE . "