Fixed a problem where prev/next buttons could allow a user to view a message that wasn't approved.

JT Smith 2002-07-05 01:53:52 +00:00
parent 1e8908a866
commit 94a1212051


@ -398,13 +398,15 @@ sub showMessage {
.'">'.WebGUI::International::get(577).'</a><br>';
}
@data = WebGUI::SQL->quickArray("select max(messageId) from discussion
where wobjectId=$message{wobjectId} and pid=0 and messageId<$message{rid}".$sqlAdd);
where wobjectId=$message{wobjectId} and pid=0 and messageId<$message{rid}
and (userId=$session{user}{userId} or status='Approved') ".$sqlAdd);
if ($data[0] ne "") {
$html .= '<a href="'.WebGUI::URL::page('func=showMessage&mid='.$data[0].'&sid='.$session{form}{sid}.'&wid='.
$session{form}{wid}).'">&laquo; '.WebGUI::International::get(513).'</a><br>';
}
@data = WebGUI::SQL->quickArray("select min(messageId) from discussion
where wobjectId=$message{wobjectId} and pid=0 and messageId>$message{rid}".$sqlAdd);
where wobjectId=$message{wobjectId} and pid=0 and messageId>$message{rid}
and (userId=$session{user}{userId} or status='Approved')".$sqlAdd);
if ($data[0] ne "") {
$html .= '<a href="'.WebGUI::URL::page('func=showMessage&mid='.$data[0].'&sid='.$session{form}{sid}.'&wid='.
$session{form}{wid}).'">'.WebGUI::International::get(512).' &raquo;</a><br>';
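Review bot: The approval filter added to the two `quickArray` queries only decides which previous/next links are rendered; whether `showMessage` also checks `status` and `userId` for the message actually requested through `mid` is not visible in this hunk, and if it does not, an unapproved message can still be opened by its id. The function starts before and continues past the hunk, so that check should be confirmed at the point where `%message` is loaded. The same condition is also pasted twice with different trailing whitespace before `.$sqlAdd`; building it once, e.g. `my $visible = " and (userId=".$session{user}{userId}." or status='Approved') ";`, keeps the two queries in step. The interpolated ids (`$message{wobjectId}`, `$message{rid}`, `$session{user}{userId}`) go into the SQL text unquoted, which is only safe if they are guaranteed numeric by the time they reach these queries.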