From 2cee56c8ed57d3c48e8f41a4616a3b0c7a9e04e9 Mon Sep 17 00:00:00 2001
From: David Goodwin
Date: Thu, 26 Mar 2020 09:26:22 +0000
Subject: [PATCH] Ensure $sql is defined; change to an INNER JOIN; fix typo in TUE (TRUE).
---
 AUTOCONFIG/AutoconfigHandler.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/AUTOCONFIG/AutoconfigHandler.php b/AUTOCONFIG/AutoconfigHandler.php
index 62718c72..07304822 100644
--- a/AUTOCONFIG/AutoconfigHandler.php
+++ b/AUTOCONFIG/AutoconfigHandler.php
@@ -141,17 +141,17 @@ class AutoconfigHandler extends PFAHandler {
 $table_autoconfig_domains = table_by_key('autoconfig_domains');
 $table_domain_admins = table_by_key('domain_admins');
 $table_domain = table_by_key('domain');
+
+ // This is a per-domain admin, so we use the table domain_admis to cross check which configuration he/she has access
+ $E_username = escape_string( $user );
+ $sql = "SELECT DISTINCT ad.config_id FROM $table_domain d INNER JOIN $table_autoconfig_domains ad ON ad.domain = d.domain WHERE d.active IS TRUE AND d.username='$E_username'";
+
 // This is a super admin, so he/she has access to all configs
 if ( authentication_has_role( 'global-admin' ) ) {
 // $sql = "SELECT DISTINCT ad.config_id FROM $table_autoconfig_domains ad LEFT JOIN $table_domain d ON ad.domain = d.domain WHERE d.domain != 'ALL AND d.active IS TRUE'";
 // global admin has access to all config
 $sql = "SELECT c.config_id FROM $table_autoconfig c";
 }
- // This is a per-domain admin, so we use the table domain_admis to cross check which configuration he/she has access
- elseif ( authentication_has_role( 'admin' ) ) {
- $E_username = escape_string( $user );
- $sql = "SELECT DISTINCT ad.config_id FROM $table_domain d LEFT JOIN $table_autoconfig_domains ad ON ad.domain = d.domain WHERE d.active IS TUE AND d.username='$E_username'";
- }
 $res = db_query( $sql );
 if ( !empty( $res['error'] ) ) {
 $this->error = $res['error'];
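Review bot: The per-domain query that is now the default filters on `d.username` in `$table_domain`, while the comment above it names domain_admins as the cross-check and `$table_domain_admins` is not referenced in any query visible here; since this WHERE clause is what confines a non-global admin to their own configs, it should probably go through the admin mapping, e.g. `INNER JOIN $table_domain_admins da ON da.domain = d.domain` with `da.username='$E_username'` (column names assumed, confirm against the schema). Moving the query out of the `elseif ( authentication_has_role( 'admin' ) )` branch also means every caller that is not a global admin now runs it, so the scoping rests entirely on `$user`; a comment such as `// default: scope to the caller's own domains; every non-global-admin role takes this path` would make that explicit. The value still reaches the SQL by string interpolation after `escape_string()`; if `db_query()` accepts bound parameters, prefer them here. The enclosing method starts before and ends after this hunk.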