[evolvis-commits] r17491: [#1590] Possibility to hide tracker items with the resolution fixed on "My Page"↵ Security fix
papel at evolvis.org
papel at evolvis.org
Thu Aug 25 10:50:47 CEST 2011
Author: papel
Date: 2011-08-25 10:50:47 +0200 (Thu, 25 Aug 2011)
New Revision: 17491
Modified:
trunk/gforge_base/evolvisforge/gforge/common/tracker/ArtifactsForUser.class.php
Log:
[#1590] Possibility to hide tracker items with the resolution fixed on "My Page"
Security fix
Modified: trunk/gforge_base/evolvisforge/gforge/common/tracker/ArtifactsForUser.class.php
===================================================================
--- trunk/gforge_base/evolvisforge/gforge/common/tracker/ArtifactsForUser.class.php 2011-08-24 13:58:49 UTC (rev 17490)
+++ trunk/gforge_base/evolvisforge/gforge/common/tracker/ArtifactsForUser.class.php 2011-08-25 08:50:47 UTC (rev 17491)
@@ -80,8 +80,6 @@
function &getAssignedBugsByGroup($arrFilter = array()) {
/*
- * https://evolvis.org/plugins/mediawiki/wiki/evolvis/index.php/Datenbankschemata
- *
* - The extra field resolution is only always available for tracker that have the value 1 of the
* attribute datatype in the database table artifact_group_list. On installing Evolvis the extra field with
* the field_name 'Resolution' will be written to the database in the table artifact_extra_field_list.
@@ -101,25 +99,31 @@
$where = " WHERE";
$filterCount = count($arrFilter);
- $i = 1;
+ $params = array();
+ $i = 2;
if($filterCount > 0) {
$where .= " (al.field_name = 'Resolution' AND av.assigned_to=$1 AND at.datatype = 1 AND ae.element_id != 100) AND";
+ array_push($params, $this->User->getID());
foreach($arrFilter as $filter) {
-
- $where .= " (al.field_name = 'Resolution' AND av.assigned_to=$1 AND at.datatype = 1 AND ae.element_id != ".$filter.")";
- if($filterCount != $i) {
+ array_push($params, $this->User->getID());
+ $where .= " (al.field_name = 'Resolution' AND av.assigned_to=$".$i;
+ $i += 1;
+ $where .= " AND at.datatype = 1 AND ae.element_id != $".$i.")";
+ array_push($params, $filter);
$where .= " AND";
- }
$i++;
}
+
+ $where = substr($where, 0, -3);
} else {
+ array_push($params, $this->User->getID());
$where .= " al.field_name = 'Resolution' AND av.assigned_to=$1 AND at.datatype = 1 AND ae.element_id != 100";# ORDER BY av.priority DESC"; Add to sort by priority
}
//The attribute element_id has the value 100 automatically if not selected.
$sqlQuery = $select . $join . $where;
- return $this->getArtifactsFromSQLwithParams($sqlQuery, array($this->User->getID()));
+ return $this->getArtifactsFromSQLwithParams($sqlQuery, $params);
}
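Review bot: In the `foreach` over `$arrFilter`, each `$filter` is now bound instead of concatenated, but nothing in the visible lines checks that it is an integer before it is compared with `ae.element_id`. Where `$arrFilter` comes from is not shown, so a non-numeric entry would presumably surface as a query error rather than being rejected up front; an explicit `(int) $filter` (or a validation step) at the bind keeps the type obvious. The placeholder bookkeeping is also fragile: the user id is pushed once per filter, `$i` is advanced by both `$i += 1` and `$i++`, and the trailing `AND` is trimmed with `substr`. Assuming `getArtifactsFromSQLwithParams` hands the query to PostgreSQL's numbered-parameter interface, `$1` can be reused in every clause, so binding the user id once and joining the clauses with `implode` removes the counter entirely, as sketched below. `$select` and `$join` are defined above this hunk.

```php
// Bind the user id once; every clause refers to it as $1.
$params = array($this->User->getID());
$clauses = array("(al.field_name = 'Resolution' AND av.assigned_to=$1 AND at.datatype = 1 AND ae.element_id != 100)");
foreach ($arrFilter as $filter) {
	// element_id is numeric: force the type before binding.
	$params[] = (int) $filter;
	$clauses[] = "(al.field_name = 'Resolution' AND av.assigned_to=$1 AND at.datatype = 1 AND ae.element_id != $" . count($params) . ")";
}
$where = " WHERE " . implode(" AND ", $clauses);
// … unchanged: $sqlQuery assembly and the getArtifactsFromSQLwithParams($sqlQuery, $params) call …
```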