MDL-26271 fix borked sql parameters in forum_search_posts and add missing modinfo field

This is a perfect example of why there must not be duplicate parameter names in SQL queries.
Petr Skoda 2011-02-12 10:11:27 +01:00
parent d911c72bf9
commit b1d5d0155b


@ -1812,7 +1812,7 @@ function forum_get_readable_forums($userid, $courseid=0) {
} else { } else {
// If no course is specified, then the user can see SITE + his courses. // If no course is specified, then the user can see SITE + his courses.
$courses1 = $DB->get_records('course', array('id' => SITEID)); $courses1 = $DB->get_records('course', array('id' => SITEID));
$courses2 = enrol_get_users_courses($userid, true); $courses2 = enrol_get_users_courses($userid, true, array('modinfo'));
$courses = array_merge($courses1, $courses2); $courses = array_merge($courses1, $courses2);
} }
if (!$courses) { if (!$courses) {
@ -1929,8 +1929,8 @@ function forum_search_posts($searchterms, $courseid=0, $limitfrom=0, $limitnum=5
$select = array(); $select = array();
if (!$forum->viewhiddentimedposts) { if (!$forum->viewhiddentimedposts) {
$select[] = "(d.userid = :userid OR (d.timestart < : AND (d.timeend = 0 OR d.timeend > :timeend)))"; $select[] = "(d.userid = :userid{$forumid} OR (d.timestart < :timestart{$forumid} AND (d.timeend = 0 OR d.timeend > :timeend{$forumid})))";
$params = array('userid'=>$USER->id, 'timestart'=>$now, 'timeend'=>$now); $params = array_merge($params, array('userid'.$forumid=>$USER->id, 'timestart'.$forumid=>$now, 'timeend'.$forumid=>$now));
} }
$cm = $forum->cm; $cm = $forum->cm;
@ -1939,7 +1939,7 @@ function forum_search_posts($searchterms, $courseid=0, $limitfrom=0, $limitnum=5
if ($forum->type == 'qanda' if ($forum->type == 'qanda'
&& !has_capability('mod/forum:viewqandawithoutposting', $context)) { && !has_capability('mod/forum:viewqandawithoutposting', $context)) {
if (!empty($forum->onlydiscussions)) { if (!empty($forum->onlydiscussions)) {
list($discussionid_sql, $discussionid_params) = $DB->get_in_or_equal($forum->onlydiscussions, SQL_PARAMS_NAMED, 'qanda0'); list($discussionid_sql, $discussionid_params) = $DB->get_in_or_equal($forum->onlydiscussions, SQL_PARAMS_NAMED, 'qanda'.$forumid.'_0000');
$params = array_merge($params, $discussionid_params); $params = array_merge($params, $discussionid_params);
$select[] = "(d.id $discussionid_sql OR p.parent = 0)"; $select[] = "(d.id $discussionid_sql OR p.parent = 0)";
} else { } else {
@ -1948,15 +1948,15 @@ function forum_search_posts($searchterms, $courseid=0, $limitfrom=0, $limitnum=5
} }
if (!empty($forum->onlygroups)) { if (!empty($forum->onlygroups)) {
list($groupid_sql, $groupid_params) = $DB->get_in_or_equal($forum->onlygroups, SQL_PARAMS_NAMED, 'grps0'); list($groupid_sql, $groupid_params) = $DB->get_in_or_equal($forum->onlygroups, SQL_PARAMS_NAMED, 'grps'.$forumid.'_0000');
$params = array_merge($params, $groupid_params); $params = array_merge($params, $groupid_params);
$select[] = "d.groupid $groupid_sql"; $select[] = "d.groupid $groupid_sql";
} }
if ($select) { if ($select) {
$selects = implode(" AND ", $select); $selects = implode(" AND ", $select);
$where[] = "(d.forum = :forum AND $selects)"; $where[] = "(d.forum = :forum{$forumid} AND $selects)";
$params['forum'] = $forumid; $params['forum'.$forumid] = $forumid;
} else { } else {
$fullaccess[] = $forumid; $fullaccess[] = $forumid;
} }
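Review bot: The per-forum placeholder names in forum_search_posts (`:userid{$forumid}`, `:timestart{$forumid}`, `:timeend{$forumid}`, `:forum{$forumid}`) put `$forumid` into the SQL text itself, so the values are bound but the name suffix is not. That is safe only while `$forumid` is an integer record id. The loop that assigns it is outside the visible hunks, so this is presumably the key of the readable-forums array and should be confirmed. I would record the invariant where the suffix is first used, e.g. `// $forumid is an integer forum id; used as a suffix so named params stay unique across forums`, or force it with `$forumid = (int)$forumid;` at the top of the loop body. The function starts and ends outside these hunks.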