diff options
-rw-r--r-- | include/auth.php | 12 | ||||
-rw-r--r-- | mod/item.php | 11 | ||||
-rw-r--r-- | mod/profile.php | 6 | ||||
-rw-r--r-- | view/acl_selectors.php | 4 |
4 files changed, 13 insertions, 20 deletions
diff --git a/include/auth.php b/include/auth.php index 973aabe65..5e454745e 100644 --- a/include/auth.php +++ b/include/auth.php @@ -71,23 +71,21 @@ else { } } -// Returns an array of group names this contact is a member of. -// Since contact-id's are unique and each "belongs" to a given user uid, -// this array will only contain group names related to the uid of this +// Returns an array of group id's this contact is a member of. +// This array will only contain group id's related to the uid of this // DFRN contact. They are *not* neccessarily unique across the entire site. if(! function_exists('init_groups_visitor')) { function init_groups_visitor($contact_id) { $groups = array(); - $r = q("SELECT `group_member`.`gid`, `group`.`name` - FROM `group_member` LEFT JOIN `group` ON `group_member`.`gid` = `group`.`id` - WHERE `group_member`.`contact-id` = %d ", + $r = q("SELECT `gid` FROM `group_member` + WHERE `contact-id` = %d ", intval($contact_id) ); if(count($r)) { foreach($r as $rr) - $groups[] = $rr['name']; + $groups[] = $rr['gid']; } return $groups; }} diff --git a/mod/item.php b/mod/item.php index 672084fe8..ff3f41138 100644 --- a/mod/item.php +++ b/mod/item.php @@ -1,12 +1,7 @@ <?php -function sanitise_intacl(&$item) { - $item = '<' . intval(notags(trim($item))) . '>'; -} - - function sanitise_acl(&$item) { - $item = '<' . notags(trim($item)) . '>'; + $item = '<' . intval(notags(trim($item))) . '>'; } function item_post(&$a) { @@ -35,7 +30,7 @@ function item_post(&$a) { $str_contact_allow = ''; $contact_allow = $_POST['contact_allow']; if(is_array($contact_allow)) { - array_walk($contact_allow,'sanitise_intacl'); + array_walk($contact_allow,'sanitise_acl'); $str_contact_allow = implode('',$contact_allow); } @@ -49,7 +44,7 @@ function item_post(&$a) { $str_contact_deny = ''; $contact_deny = $_POST['contact_deny']; if(is_array($contact_deny)) { - array_walk($contact_deny,'sanitise_intacl'); + array_walk($contact_deny,'sanitise_acl'); $str_contact_deny = implode('',$contact_deny); } diff --git a/mod/profile.php b/mod/profile.php index 37bf04a0c..5a1ac0639 100644 --- a/mod/profile.php +++ b/mod/profile.php @@ -170,7 +170,7 @@ function profile_content(&$a) { $gs = '<<>>'; // should be impossible to match if(count($groups)) { foreach($groups as $g) - $gs .= '|<' . dbesc($g) . '>'; + $gs .= '|<' . intval($g) . '>'; } $sql_extra = sprintf( " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) @@ -180,8 +180,8 @@ function profile_content(&$a) { intval($_SESSION['visitor_id']), intval($_SESSION['visitor_id']), - $gs, - $gs + dbesc($gs), + dbesc($gs) ); } diff --git a/view/acl_selectors.php b/view/acl_selectors.php index 7a8072af6..e5df4c65e 100644 --- a/view/acl_selectors.php +++ b/view/acl_selectors.php @@ -13,12 +13,12 @@ function group_select($selname,$selclass,$preselected = false) { if(count($r)) { foreach($r as $rr) { - if((is_array($preselected)) && in_array($rr['name'], $preselected)) + if((is_array($preselected)) && in_array($rr['id'], $preselected)) $selected = " selected=\"selected\" "; else $selected = ''; - $o .= "<option value=\"{$rr['name']}\" $selected >{$rr['name']}</option>\r\n"; + $o .= "<option value=\"{$rr['id']}\" $selected >{$rr['name']}</option>\r\n"; } } |