From e511db7f324ea3f55d85b3d8c613f454b9e83940 Mon Sep 17 00:00:00 2001
From: Tom Reijnders
Date: Wed, 14 Sep 2022 20:08:08 +0200
Subject: [PATCH] Fixed #1153 - Possible critical issue when sharing a project via management - There still was a bug in creating one of the folders (where no folderrights entry was generated)
---
 .../php/management/do_transfer_user_templates.php | 9 +++++++++
 website_code/php/user_library.php | 14 +++++++++++---
 2 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/website_code/php/management/do_transfer_user_templates.php b/website_code/php/management/do_transfer_user_templates.php
index 65ae876313..45bf3ba59f 100644
--- a/website_code/php/management/do_transfer_user_templates.php
+++ b/website_code/php/management/do_transfer_user_templates.php
@@ -314,6 +314,15 @@ function createGetFolderId($folder_structure, $newuserid, $old_folder_id)
 if ($new_root_folder_id == -1) {
 $new_root_folder_id = db_query($folder_create_query, $folder_create_params);
+ if ($new_root_folder_id === false)
+ {
+ die("Error creating folder " . $foldername . "in workspace of new user " . $newuser);
+ }
+ // Make sure folderrights record is created as well
+ $folder_rights_query = "INSERT INTO {$prefix}folderrights (folder_id,login_id,folder_parent,role) values (?,?,?,?)";
+ $folder_rights_params = array($new_root_folder_id, $rootfolder['login_id'], $rootfolder['folder_id'], 'creator');
+ $folder_rights_id = db_query($folder_rights_query, $folder_rights_params);
+ $folder_structure[$new_root_folder_index]['newid'] = $new_root_folder_id; } // Correct the database
diff --git a/website_code/php/user_library.php b/website_code/php/user_library.php
index 9611d4252f..63e7ed0488 100644
--- a/website_code/php/user_library.php
+++ b/website_code/php/user_library.php
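Review bot: In createGetFolderId() (do_transfer_user_templates.php) the result of the new folderrights INSERT is stored in `$folder_rights_id` and never checked, so a failed insert still leaves a folder with no rights row, the state the commit message says #1153 was about; the same unchecked `db_query($query, $params);` appears in recycle_bin() and create_a_virtual_root_folder() in user_library.php, where the SUCCESS message is then logged regardless. I would add `if ($folder_rights_id === false) { die("Error creating folder rights for folder " . $new_root_folder_id); }` directly after the insert. The die() message uses `$newuser`, while the signature in the hunk header only shows `$newuserid`; unless `$newuser` is assigned earlier in the body (outside this hunk) the message prints an empty name, and `"in workspace of new user "` is missing its leading space. Since `$foldername` is echoed as-is, `htmlspecialchars($foldername)` would be the safer form if this output is rendered as HTML in the management page.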
@@ -137,9 +137,12 @@ function recycle_bin() {
 $query = "insert into {$xerte_toolkits_site->database_table_prefix}folderdetails (login_id,folder_parent,folder_name,date_created) values (?,?,?,?)";
- $res = db_query($query, array($_SESSION['toolkits_logon_id'], "0", "recyclebin", date('Y-m-d')) );
+ $newid = db_query($query, array($_SESSION['toolkits_logon_id'], "0", "recyclebin", date('Y-m-d')) );
- if($res) {
+ if($newid !== false) {
+ $query = "INSERT INTO {$xerte_toolkits_site->database_table_prefix}folderrights (folder_id, login_id, folder_parent, role) values (?,?,?,?)";
+ $params = array($newid, $_SESSION['toolkits_logon_id'], "0", "creator");
+ db_query($query, $params);
 receive_message($_SESSION['toolkits_logon_username'], "ADMIN", "SUCCESS", "Succeeded in creating users recycle bin", "Succeeded in creating users recycle bin: User: " . $_SESSION['toolkits_logon_username']);
@@ -195,7 +198,12 @@ function create_a_virtual_root_folder(){
 $query = "insert into {$prefix}folderdetails (login_id,folder_parent,folder_name,date_created) values (?,?,?,?)";
 $params = array($_SESSION['toolkits_logon_id'], "0", $_SESSION['toolkits_logon_username'], date('Y-m-d'));
- if(db_query($query, $params) !== false){
+ $newid = db_query($query, $params);
+ if($newid !== false){
+ $query = "INSERT INTO {$prefix}folderrights (folder_id, login_id, folder_parent, role) values (?,?,?,?)";
+ $params = array($newid, $_SESSION['toolkits_logon_id'], "0", "creator");
+
+ db_query($query, $params);
 receive_message($_SESSION['toolkits_logon_username'], "ADMIN", "SUCCESS", "Succeeded in creating users root folder", "Succeeded in creating users root folder: User: " . $_SESSION['toolkits_logon_username']);
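Review bot: recycle_bin() and create_a_virtual_root_folder() now each spell out the same folderdetails insert followed by a `creator` folderrights insert, and createGetFolderId() carries a third copy of the rights insert, so the next folder-creating path can again omit the rights row. A single helper that performs both inserts and returns the new folder id only when both succeed would keep the access-control row tied to folder creation; the helper name below is a placeholder. If the database layer offers transactions (not visible here), the two inserts belong in one so a failed rights insert does not leave an orphaned folder row. Both function bodies continue outside these hunks.

```php
// Placeholder name: creates the folder row plus its 'creator' rights row.
// Returns the new folder id, or false if either insert fails.
function create_folder_with_creator_rights($prefix, $login_id, $folder_parent, $folder_name)
{
    $folder_id = db_query(
        "insert into {$prefix}folderdetails (login_id,folder_parent,folder_name,date_created) values (?,?,?,?)",
        array($login_id, $folder_parent, $folder_name, date('Y-m-d'))
    );
    if ($folder_id === false) {
        return false;
    }
    $rights_id = db_query(
        "INSERT INTO {$prefix}folderrights (folder_id, login_id, folder_parent, role) values (?,?,?,?)",
        array($folder_id, $login_id, $folder_parent, "creator")
    );
    return ($rights_id === false) ? false : $folder_id;
}

// recycle_bin()
$newid = create_folder_with_creator_rights($xerte_toolkits_site->database_table_prefix, $_SESSION['toolkits_logon_id'], "0", "recyclebin");
if($newid !== false) {
    // … unchanged: receive_message() success logging …

// create_a_virtual_root_folder()
$newid = create_folder_with_creator_rights($prefix, $_SESSION['toolkits_logon_id'], "0", $_SESSION['toolkits_logon_username']);
if($newid !== false){
    // … unchanged: receive_message() success logging …
```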