From ebae1c632345b0d845c2bc61c4d81ab791650e5b Mon Sep 17 00:00:00 2001
From: Miles Lott
Date: Sun, 29 Apr 2001 13:41:36 +0000
Subject: [PATCH] Add some verification that account_id exists for use in accounts storage
---
 addressbook/inc/class.contacts_sql.inc.php | 27 +++++++++++++++++-----
 1 file changed, 21 insertions(+), 6 deletions(-)
diff --git a/addressbook/inc/class.contacts_sql.inc.php b/addressbook/inc/class.contacts_sql.inc.php
index 57cf31c8f7..b9fe79fdc4 100644
--- a/addressbook/inc/class.contacts_sql.inc.php
+++ b/addressbook/inc/class.contacts_sql.inc.php
@@ -45,12 +45,15 @@
 var $total_records; // This will contain numrows for data retrieved
 var $grants; // This holds all of the users that have granted access to there entrys
- function contacts_()
+ function contacts_($useacl=True)
 {
 global $phpgw, $phpgw_info;
 $this->db = $phpgw->db;
- $this->grants = $phpgw->acl->get_grants('addressbook');
+ if($useacl)
+ {
+ $this->grants = $phpgw->acl->get_grants('addressbook');
+ }
 $this->account_id = $phpgw_info['user']['account_id'];
 // The left side are the array elements used throughout phpgw, right side are the db field names.
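Review bot: Passing `$useacl=False` to `contacts_()` leaves `$this->grants` undefined, and nothing at the signature tells a caller that such an instance carries no ACL grants when the later `is_array($this->grants)` test in the second hunk runs. I would set it explicitly in an else branch, `$this->grants = False;`, and put a comment above the constructor such as `// $useacl=False skips loading addressbook grants; the caller must then restrict which records are read`. The constructor body continues past the end of this hunk, so any other use of `$this->grants` there is not visible from here.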
@@ -380,11 +383,23 @@
 }
 if (!$filtermethod) {
- $fwhere .= " (owner=" . $phpgw_info['user']['account_id'];
- $fand .= " (owner=" . $phpgw_info['user']['account_id'];
+ if($phpgw_info['user']['account_id'])
+ {
+ $fwhere .= " (owner=" . $phpgw_info['user']['account_id'];
+ $fand .= " (owner=" . $phpgw_info['user']['account_id'];
+ }
 } else {
- $fwhere .= $filtermethod . " AND (owner=" . $phpgw_info['user']['account_id'];
- $fand .= $filtermethod . " AND (owner=" . $phpgw_info['user']['account_id'];
+ if($phpgw_info['user']['account_id'])
+ {
+ $fwhere .= $filtermethod . " AND (owner=" . $phpgw_info['user']['account_id'];
+ $fand .= $filtermethod . " AND (owner=" . $phpgw_info['user']['account_id'];
+ }
+ else
+ {
+ $filtermethod = substr($filtermethod,0,-2);
+ $fwhere .= $filtermethod;
+ $fand .= $filtermethod;
+ }
 }
 if (is_array($this->grants))
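Review bot: When `$phpgw_info['user']['account_id']` is empty, both new paths build `$fwhere` and `$fand` without any `owner=` restriction, so the lookup fails open instead of refusing to run. Whether rows are still limited then depends on the `is_array($this->grants)` code that starts on the last line and continues outside the hunk, and the constructor change lets `$this->grants` stay unset. If an unfiltered read is intended only for accounts storage, key it off an explicit flag from that caller rather than a missing session value. Where the id is present it is still concatenated into the SQL as-is; `$fwhere .= " (owner=" . intval($phpgw_info['user']['account_id']);` (and the same for `$fand` and the `AND (owner=` pair) keeps the value numeric. `substr($filtermethod,0,-2)` and the parenthesis opened by ` (owner=` both rely on strings built or closed outside this hunk, so the empty-id path needs a check that the resulting WHERE clause is still balanced.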