Fix pgsql query error manage_user_page

Due to pgsql having positional parameters in parametrized queries, the page is throwing an error in some combination of conditions. The error is caused by the reutilization of a prepared WHERE condition in a string from previous query. In the new query, a db_param() call is issued, which has the parameter reset to 1 (returning "$1"). Then, the resulting query string contains two "$1" parameters for different values. With this commit, the query build code is cleaned to avoid said situation. Fixes #20483 Signed-off-by: Damien Regad <dregad@mantisbt.org>
mantisbt · Jan 8, 2016 · 4192d57 · 4192d57
1 parent e9af71c
commit 4192d57
Showing 1 changed file with 7 additions and 20 deletions.
diff --git a/manage_user_page.php b/manage_user_page.php
@@ -203,22 +203,17 @@
 # Get the user data in $c_sort order
 $t_result = '';
 
-if( 1 == $c_show_disabled ) {
-	$t_show_disabled_cond = '';
-} else {
-	$t_show_disabled_cond = ' AND enabled = ' . db_param();
+if( 1 != $c_show_disabled ) {
+	$t_where .= ' AND enabled = ' . db_param();
 	$t_where_params[] = true;
 }
 
-if( 0 == $c_hide_inactive ) {
-	$t_query = 'SELECT count(*) as user_count FROM {user} WHERE ' . $t_where . $t_show_disabled_cond;
-} else {
-	$t_query = 'SELECT count(*) as user_count FROM {user}
-			WHERE ' . $t_where . $t_show_disabled_cond . '
-			AND ' . db_helper_compare_time( db_param(), '<', 'last_visit', $t_days_old );
+if( 0 != $c_hide_inactive ) {
+	$t_where .= ' AND ' . db_helper_compare_time( db_param(), '<', 'last_visit', $t_days_old );
 	$t_where_params[] = db_now();
 }
 
+$t_query = 'SELECT count(*) as user_count FROM {user} WHERE ' . $t_where;
 $t_result = db_query( $t_query, $t_where_params );
 $t_row = db_fetch_array( $t_result );
 $t_total_user_count = $t_row['user_count'];
@@ -239,16 +234,8 @@
 }
 
 
-if( 0 == $c_hide_inactive ) {
-	$t_query = 'SELECT * FROM {user} WHERE ' . $t_where . ' ' . $t_show_disabled_cond . ' ORDER BY ' . $c_sort . ' ' . $c_dir;
-	$t_result = db_query( $t_query, $t_where_params, $p_per_page, $t_offset );
-} else {
-	$t_query = 'SELECT * FROM {user}
-			WHERE ' . $t_where . $t_show_disabled_cond . '
-			AND ' . db_helper_compare_time( db_param(), '<', 'last_visit', $t_days_old ) . '
-			ORDER BY ' . $c_sort . ' ' . $c_dir;
-	$t_result = db_query( $t_query, $t_where_params, $p_per_page, $t_offset );
-}
+$t_query = 'SELECT * FROM {user} WHERE ' . $t_where . ' ORDER BY ' . $c_sort . ' ' . $c_dir;
+$t_result = db_query( $t_query, $t_where_params, $p_per_page, $t_offset );
 
 $t_users = array();
 while( $t_row = db_fetch_array( $t_result ) ) {