Fixed #1153 - Possible critical issue when sharing a project via mana…

…gement - There still was a bug in creating one of the folders (where no folderrights entry was generated)
thexerteproject · Sep 14, 2022 · e511db7 · e511db7
1 parent b8c0782
commit e511db7
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 3 deletions.
diff --git a/website_code/php/management/do_transfer_user_templates.php b/website_code/php/management/do_transfer_user_templates.php
@@ -314,6 +314,15 @@ function createGetFolderId($folder_structure, $newuserid, $old_folder_id)
                     if ($new_root_folder_id == -1)
                     {
                         $new_root_folder_id = db_query($folder_create_query, $folder_create_params);
+                        if ($new_root_folder_id === false)
+                        {
+                            die("Error creating folder " . $foldername . "in workspace of new user " . $newuser);
+                        }
+                        // Make sure folderrights record is created as well
+                        $folder_rights_query = "INSERT INTO {$prefix}folderrights (folder_id,login_id,folder_parent,role) values  (?,?,?,?)";
+                        $folder_rights_params = array($new_root_folder_id, $rootfolder['login_id'], $rootfolder['folder_id'], 'creator');
+                        $folder_rights_id = db_query($folder_rights_query, $folder_rights_params);
+
                         $folder_structure[$new_root_folder_index]['newid'] = $new_root_folder_id;
                     }
                     // Correct the database

diff --git a/website_code/php/user_library.php b/website_code/php/user_library.php
@@ -137,9 +137,12 @@ function recycle_bin() {
 
         $query = "insert into {$xerte_toolkits_site->database_table_prefix}folderdetails 
             (login_id,folder_parent,folder_name,date_created) values  (?,?,?,?)";
-        $res = db_query($query, array($_SESSION['toolkits_logon_id'], "0", "recyclebin", date('Y-m-d')) );
+        $newid = db_query($query, array($_SESSION['toolkits_logon_id'], "0", "recyclebin", date('Y-m-d')) );
 
-        if($res) {
+        if($newid !== false) {
+            $query = "INSERT INTO {$xerte_toolkits_site->database_table_prefix}folderrights (folder_id, login_id, folder_parent, role) values (?,?,?,?)";
+            $params = array($newid, $_SESSION['toolkits_logon_id'], "0", "creator");
+            db_query($query, $params);
 
             receive_message($_SESSION['toolkits_logon_username'], "ADMIN", "SUCCESS", "Succeeded in creating users recycle bin", "Succeeded in creating users recycle bin: User: " . $_SESSION['toolkits_logon_username']);
 
@@ -195,7 +198,12 @@ function create_a_virtual_root_folder(){
     $query = "insert into {$prefix}folderdetails (login_id,folder_parent,folder_name,date_created) values  (?,?,?,?)";
     $params = array($_SESSION['toolkits_logon_id'], "0", $_SESSION['toolkits_logon_username'], date('Y-m-d'));
 
-    if(db_query($query, $params) !== false){
+    $newid = db_query($query, $params);
+    if($newid !== false){
+        $query = "INSERT INTO {$prefix}folderrights (folder_id, login_id, folder_parent, role) values (?,?,?,?)";
+        $params = array($newid, $_SESSION['toolkits_logon_id'], "0", "creator");
+
+        db_query($query, $params);
 
         receive_message($_SESSION['toolkits_logon_username'], "ADMIN", "SUCCESS", "Succeeded in creating users root folder", "Succeeded in creating users root folder: User: " . $_SESSION['toolkits_logon_username']);