[evolvis-commits] r17491: [#1590] Possibility to hide tracker items with the resolution fixed on "My Page"↵ Security fix

papel at evolvis.org papel at evolvis.org
Thu Aug 25 10:50:47 CEST 2011


Author: papel
Date: 2011-08-25 10:50:47 +0200 (Thu, 25 Aug 2011)
New Revision: 17491

Modified:
   trunk/gforge_base/evolvisforge/gforge/common/tracker/ArtifactsForUser.class.php
Log:
[#1590] Possibility to hide tracker items with the resolution fixed on "My Page"
Security fix

Modified: trunk/gforge_base/evolvisforge/gforge/common/tracker/ArtifactsForUser.class.php
===================================================================
--- trunk/gforge_base/evolvisforge/gforge/common/tracker/ArtifactsForUser.class.php	2011-08-24 13:58:49 UTC (rev 17490)
+++ trunk/gforge_base/evolvisforge/gforge/common/tracker/ArtifactsForUser.class.php	2011-08-25 08:50:47 UTC (rev 17491)
@@ -80,8 +80,6 @@
 	function &getAssignedBugsByGroup($arrFilter = array()) {
 		
 		/* 
-		*	https://evolvis.org/plugins/mediawiki/wiki/evolvis/index.php/Datenbankschemata
-		*
     	* 	- The extra field resolution is only always available for tracker that have the value 1 of the 
     	*	  attribute datatype in the database table artifact_group_list. On installing Evolvis the extra field with
     	* 	  the field_name 'Resolution' will be written to the database in the table artifact_extra_field_list. 
@@ -101,25 +99,31 @@
 		
 		$where = " WHERE";
 		$filterCount = count($arrFilter);
-		$i = 1;
+		$params = array();
+		$i = 2;
 		if($filterCount > 0) {
 			$where .= " (al.field_name = 'Resolution' AND av.assigned_to=$1 AND at.datatype = 1 AND ae.element_id != 100) AND";
+			array_push($params, $this->User->getID());
 			foreach($arrFilter as $filter) {
-				
-				$where .= " (al.field_name = 'Resolution' AND av.assigned_to=$1 AND at.datatype = 1 AND ae.element_id != ".$filter.")";
-				if($filterCount != $i) {
+				array_push($params, $this->User->getID());
+				$where .= " (al.field_name = 'Resolution' AND av.assigned_to=$".$i;
+				$i += 1; 
+				$where .= " AND at.datatype = 1 AND ae.element_id != $".$i.")";
+				array_push($params, $filter);
 					$where .= " AND";
-				}
 				$i++; 
 			}
+			
+			$where = substr($where, 0, -3);
 		} else {
+			array_push($params, $this->User->getID());
 			$where .= " al.field_name = 'Resolution' AND av.assigned_to=$1 AND at.datatype = 1 AND ae.element_id != 100";# ORDER BY av.priority DESC"; Add to sort by priority		
 		}
 		//The attribute element_id has the value 100 automatically if not selected.
 		
 		$sqlQuery = $select . $join . $where;
 		
-		return $this->getArtifactsFromSQLwithParams($sqlQuery, array($this->User->getID())); 
+		return $this->getArtifactsFromSQLwithParams($sqlQuery, $params); 
 
 	}
 
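Review bot: `$filter` is pushed into `$params` without any type check inside the `foreach`, so a non-numeric entry in `$arrFilter` is no longer injectable but would presumably fail at query time when compared with `ae.element_id`; casting at the bind, as in `array_push($params, (int)$filter);`, keeps the values in the integer domain. The loop also binds the user id again for every clause, advances `$i` in two separate places, and trims the trailing `AND` with `substr`, which makes the placeholder numbering easy to break in a later edit. If `getArtifactsFromSQLwithParams` passes the query to PostgreSQL positional parameters (it is not visible here, so confirm), `$1` can be reused for the user id and only the filter values need new slots, as sketched below; `$i` then becomes unused. The function starts before this hunk, and its `$select`/`$join` parts are not shown.

```php
if($filterCount > 0) {
	// $1 is the user id in every clause; only filter values take new placeholders
	array_push($params, $this->User->getID());
	$where .= " (al.field_name = 'Resolution' AND av.assigned_to=$1 AND at.datatype = 1 AND ae.element_id != 100)";
	foreach($arrFilter as $filter) {
		array_push($params, (int)$filter);
		$where .= " AND (al.field_name = 'Resolution' AND av.assigned_to=$1 AND at.datatype = 1 AND ae.element_id != $".count($params).")";
	}
} else {
	// … unchanged: single-clause branch binding the user id as $1 …
```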


