fix several issues related to profile being set to a non-numeric value

master
Andrew Dolgov 6 years ago
parent 7e7a15136b
commit 197e80add6

@ -26,7 +26,7 @@ class Db_Prefs {
$user_id = $_SESSION["uid"]; $user_id = $_SESSION["uid"];
@$profile = $_SESSION["profile"]; @$profile = $_SESSION["profile"];
if (!$profile || get_schema_version() < 63) $profile = null; if (!is_numeric($profile) || !$profile || get_schema_version() < 63) $profile = null;
$sth = $this->pdo->prepare("SELECT $sth = $this->pdo->prepare("SELECT
value,ttrss_prefs_types.type_name as type_name,ttrss_prefs.pref_name AS pref_name value,ttrss_prefs_types.type_name as type_name,ttrss_prefs.pref_name AS pref_name
@ -65,7 +65,7 @@ class Db_Prefs {
return $this->convert($tuple["value"], $tuple["type"]); return $this->convert($tuple["value"], $tuple["type"]);
} }
if (!$profile || get_schema_version() < 63) $profile = null; if (!is_numeric($profile) || !$profile || get_schema_version() < 63) $profile = null;
$sth = $this->pdo->prepare("SELECT $sth = $this->pdo->prepare("SELECT
value,ttrss_prefs_types.type_name as type_name value,ttrss_prefs_types.type_name as type_name
@ -112,9 +112,11 @@ class Db_Prefs {
if (!$user_id) { if (!$user_id) {
$user_id = $_SESSION["uid"]; $user_id = $_SESSION["uid"];
@$profile = $_SESSION["profile"]; @$profile = $_SESSION["profile"];
} else {
$profile = null;
} }
if (!$profile || get_schema_version() < 63) $profile = null; if (!is_numeric($profile) || !$profile || get_schema_version() < 63) $profile = null;
$type_name = ""; $type_name = "";
$current_value = ""; $current_value = "";
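Review bot: `is_numeric()` is a looser test than a profile id needs: the guard added in the first hunk, `if (!is_numeric($profile) || !$profile || get_schema_version() < 63) $profile = null;`, still admits floats, exponent forms and leading whitespace such as `"1.5"` or `"1e3"`, which would then presumably be passed on to the prepared query as-is. An integer check, for example `if (filter_var($profile, FILTER_VALIDATE_INT) === false || !$profile || get_schema_version() < 63) $profile = null;`, restricts the session value to what the profile column presumably stores. The same expression is repeated in the other two Db_Prefs hunks, in Pref_Prefs and in the last hunk on the page, so a single helper that returns the normalised id would keep the five copies from drifting apart. The enclosing methods start and end outside the hunks.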

@ -452,12 +452,16 @@ class Pref_Prefs extends Handler_Protected {
print '<div dojoType="dijit.layout.ContentPane" region="center" style="overflow-y : auto">'; print '<div dojoType="dijit.layout.ContentPane" region="center" style="overflow-y : auto">';
if ($_SESSION["profile"]) { $profile = $_SESSION["profile"];
if (!is_numeric($profile) || !$profile || get_schema_version() < 63) $profile = null;
if ($profile) {
print_notice(__("Some preferences are only available in default profile.")); print_notice(__("Some preferences are only available in default profile."));
} }
if ($_SESSION["profile"]) { if ($_SESSION["profile"]) {
initialize_user_prefs($_SESSION["uid"], $_SESSION["profile"]); initialize_user_prefs($_SESSION["uid"], $profile);
} else { } else {
initialize_user_prefs($_SESSION["uid"]); initialize_user_prefs($_SESSION["uid"]);
} }
@ -473,7 +477,7 @@ class Pref_Prefs extends Handler_Protected {
ttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND ttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND
owner_uid = :uid owner_uid = :uid
ORDER BY ttrss_prefs_sections.order_id,pref_name"); ORDER BY ttrss_prefs_sections.order_id,pref_name");
$sth->execute([":uid" => $_SESSION['uid'], ":profile" => $_SESSION['profile']]); $sth->execute([":uid" => $_SESSION['uid'], ":profile" => $profile]);
$lnum = 0; $lnum = 0;
@ -497,8 +501,7 @@ class Pref_Prefs extends Handler_Protected {
if (!$short_desc) continue; if (!$short_desc) continue;
if ($_SESSION["profile"] && in_array($line["pref_name"], if ($profile && in_array($line["pref_name"], $profile_blacklist)) {
$profile_blacklist)) {
continue; continue;
} }
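Review bot: The branch that calls `initialize_user_prefs()` still tests the raw `$_SESSION["profile"]` rather than the normalised `$profile`, so a non-numeric session value takes the profile branch and passes `null` as the second argument. This is probably harmless, since the callee appears to treat a null profile as the default, but the condition should read `if ($profile) {` to match the notice check above it and the `$profile && in_array(...)` test in the last hunk of this class. The new `$profile = $_SESSION["profile"];` also reads the key without the `@` used in Db_Prefs, so an unset key raises a notice or warning here; `$profile = $_SESSION["profile"] ?? null;` avoids that if the project's minimum PHP version allows `??`. The method body starts and ends outside the hunks.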

@ -584,7 +584,7 @@
$sth = $pdo->query("SELECT pref_name,def_value FROM ttrss_prefs"); $sth = $pdo->query("SELECT pref_name,def_value FROM ttrss_prefs");
$profile = $profile ? $profile : null; if (!is_numeric($profile) || !$profile || get_schema_version() < 63) $profile = null;
$u_sth = $pdo->prepare("SELECT pref_name $u_sth = $pdo->prepare("SELECT pref_name
FROM ttrss_user_prefs WHERE owner_uid = :uid AND FROM ttrss_user_prefs WHERE owner_uid = :uid AND
