Fixed issue #6312: Editing Survey Security Permissions as non-super-a…
…dmin and non-survey owner throws PHP Fatal Error
sudosteph committed Jul 18, 2012
1 parent 405f2a5 commit 1b05a2b
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions admin/html.php
Expand Up @@ -1474,7 +1474,7 @@
$addsummary = "<div class='header ui-widget-header'>".$clang->gT("Add User")."</div>\n";
$addsummary .= "<div class=\"messagebox ui-corner-all\">\n";

$query = "SELECT sid, owner_id FROM ".db_table_name('surveys')." WHERE sid = {$surveyid} AND owner_id = ".$_SESSION['loginID']." AND owner_id != ".$postuserid;
$query = "SELECT sid, owner_id FROM ".db_table_name('surveys')." WHERE sid = {$surveyid} AND owner_id != ".$postuserid;
$result = db_execute_assoc($query); //Checked
if( ($result->RecordCount() > 0 && in_array($postuserid,getuserlist('onlyuidarray'))) ||
$_SESSION['USER_RIGHT_SUPERADMIN'] == 1)
Expand Down Expand Up @@ -1522,7 +1522,7 @@
$addsummary = "<div class=\"header\">".$clang->gT("Add user group")."</div>\n";
$addsummary .= "<div class=\"messagebox ui-corner-all\" >\n";

$query = "SELECT sid, owner_id FROM ".db_table_name('surveys')." WHERE sid = {$surveyid} AND owner_id = ".$_SESSION['loginID'];
$query = "SELECT sid, owner_id FROM ".db_table_name('surveys')." WHERE sid = {$surveyid}";
$result = db_execute_assoc($query); //Checked
if( ($result->RecordCount() > 0 && in_array($postusergroupid,getsurveyusergrouplist('simpleugidarray'))) || $_SESSION['USER_RIGHT_SUPERADMIN'] == 1)
{
Expand Down Expand Up @@ -1582,7 +1582,7 @@
$addsummary = "<div class=\"header\">".$clang->gT("Deleting User")."</div>\n";
$addsummary .= "<div class=\"messagebox\">\n";

$query = "SELECT sid, owner_id FROM ".db_table_name('surveys')." WHERE sid = {$surveyid} AND owner_id = ".$_SESSION['loginID']." AND owner_id != ".$postuserid;
$query = "SELECT sid, owner_id FROM ".db_table_name('surveys')." WHERE sid = {$surveyid} AND owner_id != ".$postuserid;
$result = db_execute_assoc($query); //Checked
if($result->RecordCount() > 0 || $_SESSION['USER_RIGHT_SUPERADMIN'] == 1)
{
Expand All @@ -1609,7 +1609,7 @@

if($action == "setsurveysecurity" || $action == "setusergroupsurveysecurity")
{
$query = "SELECT sid, owner_id FROM ".db_table_name('surveys')." WHERE sid = {$surveyid} AND owner_id = ".$_SESSION['loginID'];
$query = "SELECT sid, owner_id FROM ".db_table_name('surveys')." WHERE sid = {$surveyid}";
if ($action == "setsurveysecurity")
{
$query.= " AND owner_id != ".$postuserid;
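Review bot: With the `owner_id = $_SESSION['loginID']` term dropped from the four `$query` strings (the second line of each pair, which the commit title suggests is the new side), the `$result->RecordCount() > 0` test no longer says anything about the logged-in user. It is now true for any existing survey the target user does not own, and in the "Deleting User" section nothing else visible in the `if` ties the action to the caller. The enclosing `$action` blocks start and end outside these hunks, so a survey-security permission check may exist elsewhere; if it does not, the guard should test the caller's permission on `$surveyid` explicitly, with a comment such as `// ownership is no longer enforced by this query; the caller's survey-security permission must be verified before this branch`. Separately, `$surveyid` and `$postuserid` are still concatenated into the SQL, and the query runs before the `in_array()` membership check, so an integer cast such as `(int)$postuserid` would be cheap hardening if these values are not already sanitised upstream.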