updates for PHP 7.3
Ursprung
e3ace87155
Commit
a0ea0e7255
|
@ -1,4 +1,5 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Project:
|
* Project:
|
||||||
* Contenido Content Management System
|
* Contenido Content Management System
|
||||||
|
@ -17,20 +18,17 @@
|
||||||
*
|
*
|
||||||
* $Id$:
|
* $Id$:
|
||||||
*/
|
*/
|
||||||
|
if (!defined('CON_FRAMEWORK')) {
|
||||||
if(!defined('CON_FRAMEWORK')) {
|
die('Illegal call');
|
||||||
die('Illegal call');
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// create Navigation array for one level
|
// create Navigation array for one level
|
||||||
function createNavigationArray($start_id, $db)
|
function createNavigationArray($start_id, $db) {
|
||||||
{
|
|
||||||
global $user, $cfg, $client, $lang, $auth;
|
global $user, $cfg, $client, $lang, $auth;
|
||||||
|
|
||||||
$navigation = array();
|
$navigation = array();
|
||||||
$FrontendPermissionCollection = new FrontendPermissionCollection;
|
$FrontendPermissionCollection = new FrontendPermissionCollection;
|
||||||
|
|
||||||
// SECURITY-FIX
|
// SECURITY-FIX
|
||||||
$sql = "SELECT
|
$sql = "SELECT
|
||||||
A.idcat,
|
A.idcat,
|
||||||
|
@ -38,254 +36,223 @@ function createNavigationArray($start_id, $db)
|
||||||
C.public,
|
C.public,
|
||||||
C.idcatlang
|
C.idcatlang
|
||||||
FROM
|
FROM
|
||||||
".$cfg["tab"]["cat_tree"]." AS A,
|
" . $cfg["tab"]["cat_tree"] . " AS A,
|
||||||
".$cfg["tab"]["cat"]." AS B,
|
" . $cfg["tab"]["cat"] . " AS B,
|
||||||
".$cfg["tab"]["cat_lang"]." AS C
|
" . $cfg["tab"]["cat_lang"] . " AS C
|
||||||
WHERE
|
WHERE
|
||||||
A.idcat = B.idcat AND
|
A.idcat = B.idcat AND
|
||||||
B.idcat = C.idcat AND
|
B.idcat = C.idcat AND
|
||||||
B.idclient = '".Contenido_Security::escapeDB($client, $db)."' AND
|
B.idclient = '" . Contenido_Security::escapeDB($client, $db) . "' AND
|
||||||
C.idlang = '".Contenido_Security::escapeDB($lang, $db)."' AND
|
C.idlang = '" . Contenido_Security::escapeDB($lang, $db) . "' AND
|
||||||
C.visible = '1' AND
|
C.visible = '1' AND
|
||||||
B.parentid = '".Contenido_Security::escapeDB($start_id, $db)."'
|
B.parentid = '" . Contenido_Security::escapeDB($start_id, $db) . "'
|
||||||
ORDER BY
|
ORDER BY
|
||||||
A.idtree";
|
A.idtree";
|
||||||
$db->query($sql);
|
$db->query($sql);
|
||||||
|
|
||||||
while($db->next_record())
|
while ($db->next_record()) {
|
||||||
{
|
$cat_id = $db->f("idcat");
|
||||||
$cat_id = $db->f("idcat");
|
$cat_idlang = $db->f("idcatlang");
|
||||||
$cat_idlang = $db->f("idcatlang");
|
$visible = false;
|
||||||
$visible=false;
|
if ($db->f("public") != 0) {
|
||||||
if($db->f("public")!=0){
|
$visible = true;
|
||||||
$visible = true;
|
} elseif (($auth->auth['uid'] != '') && ($auth->auth['uid'] != 'nobody')) {
|
||||||
}elseif(($auth->auth['uid']!='')&&($auth->auth['uid']!='nobody')){
|
$FrontendGroupMemberCollection = new FrontendGroupMemberCollection;
|
||||||
$FrontendGroupMemberCollection = new FrontendGroupMemberCollection;
|
|
||||||
|
|
||||||
$FrontendGroupMemberCollection->setWhere("idfrontenduser",$auth->auth['uid']);
|
$FrontendGroupMemberCollection->setWhere("idfrontenduser", $auth->auth['uid']);
|
||||||
$FrontendGroupMemberCollection->query();
|
$FrontendGroupMemberCollection->query();
|
||||||
$groups = array();
|
$groups = array();
|
||||||
while ($member = $FrontendGroupMemberCollection->next()){
|
while ($member = $FrontendGroupMemberCollection->next()) {
|
||||||
$groups[] = $member->get("idfrontendgroup");
|
$groups[] = $member->get("idfrontendgroup");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if(count($groups)>0){
|
if (count($groups) > 0) {
|
||||||
for($i=0;$i<count($groups);$i++){
|
for ($i = 0; $i < count($groups); $i++) {
|
||||||
if($FrontendPermissionCollection->checkPerm($groups[$i],'category','access',$cat_idlang, true)){
|
if ($FrontendPermissionCollection->checkPerm($groups[$i], 'category', 'access', $cat_idlang, true)) {
|
||||||
$visible=true;
|
$visible = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if($visible){
|
if ($visible) {
|
||||||
$navigation[$cat_id] = array("idcat" => $cat_id,
|
$navigation[$cat_id] = array("idcat" => $cat_id,
|
||||||
"name" => $db->f("name"),
|
"name" => $db->f("name"),
|
||||||
"target" => '_self', # you can not call getTarget($cat_id, &$db) at this point with the same db instance!
|
"target" => '_self', # you can not call getTarget($cat_id, &$db) at this point with the same db instance!
|
||||||
"public" => $db->f("public"));
|
"public" => $db->f("public"));
|
||||||
}
|
}
|
||||||
} // end while
|
} // end while
|
||||||
|
|
||||||
$db->free();
|
$db->free();
|
||||||
|
|
||||||
return $navigation;
|
return $navigation;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return target of a given category id
|
* Return target of a given category id
|
||||||
*
|
*
|
||||||
* @deprecated
|
* @deprecated
|
||||||
*/
|
*/
|
||||||
function getTarget($cat_id, $db) {
|
function getTarget($cat_id, $db) {
|
||||||
global $cfg, $client, $lang;
|
global $cfg, $client, $lang;
|
||||||
|
|
||||||
// SECURITY-FIX
|
// SECURITY-FIX
|
||||||
$sql = "SELECT
|
$sql = "SELECT
|
||||||
a.external_redirect AS ext
|
a.external_redirect AS ext
|
||||||
FROM
|
FROM
|
||||||
".$cfg["tab"]["art_lang"]." AS a,
|
" . $cfg["tab"]["art_lang"] . " AS a,
|
||||||
".$cfg["tab"]["cat_art"]." AS b,
|
" . $cfg["tab"]["cat_art"] . " AS b,
|
||||||
".$cfg["tab"]["cat"]." AS c
|
" . $cfg["tab"]["cat"] . " AS c
|
||||||
WHERE
|
WHERE
|
||||||
b.idcat = '".Contenido_Security::escapeDB($cat_id, $db)."' AND
|
b.idcat = '" . Contenido_Security::escapeDB($cat_id, $db) . "' AND
|
||||||
c.idclient = '".Contenido_Security::escapeDB($client, $db)."' AND
|
c.idclient = '" . Contenido_Security::escapeDB($client, $db) . "' AND
|
||||||
c.idcat = b.idcat AND
|
c.idcat = b.idcat AND
|
||||||
a.idart = b.idart AND
|
a.idart = b.idart AND
|
||||||
a.idlang = '".Contenido_Security::escapeDB($lang, $db)."'";
|
a.idlang = '" . Contenido_Security::escapeDB($lang, $db) . "'";
|
||||||
|
|
||||||
$db->query($sql);
|
$db->query($sql);
|
||||||
$db->next_record();
|
$db->next_record();
|
||||||
|
|
||||||
$target = ( $db->f('ext') == 0 ) ? '_self' : '_blank';
|
$target = ( $db->f('ext') == 0 ) ? '_self' : '_blank';
|
||||||
|
|
||||||
$db->free();
|
$db->free();
|
||||||
return $target;
|
return $target;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return true if $parentid is parent of $catid
|
* Return true if $parentid is parent of $catid
|
||||||
*/
|
*/
|
||||||
|
|
||||||
function isParent($parentid, $catid, $db) {
|
function isParent($parentid, $catid, $db) {
|
||||||
|
|
||||||
|
|
||||||
global $cfg, $client, $lang;
|
|
||||||
// SECURITY-FIX
|
global $cfg, $client, $lang;
|
||||||
$sql = "SELECT
|
// SECURITY-FIX
|
||||||
|
$sql = "SELECT
|
||||||
a.parentid
|
a.parentid
|
||||||
FROM
|
FROM
|
||||||
".$cfg["tab"]["cat"]." AS a,
|
" . $cfg["tab"]["cat"] . " AS a,
|
||||||
".$cfg["tab"]["cat_lang"]." AS b
|
" . $cfg["tab"]["cat_lang"] . " AS b
|
||||||
WHERE
|
WHERE
|
||||||
a.idclient = '". Contenido_Security::escapeDB($client, $db)."' AND
|
a.idclient = '" . Contenido_Security::escapeDB($client, $db) . "' AND
|
||||||
b.idlang = '".Contenido_Security::escapeDB($lang, $db)."' AND
|
b.idlang = '" . Contenido_Security::escapeDB($lang, $db) . "' AND
|
||||||
a.idcat = b.idcat AND
|
a.idcat = b.idcat AND
|
||||||
a.idcat = '".Contenido_Security::escapeDB($catid, $db)."'";
|
a.idcat = '" . Contenido_Security::escapeDB($catid, $db) . "'";
|
||||||
|
|
||||||
$db->query($sql);
|
$db->query($sql);
|
||||||
$db->next_record();
|
$db->next_record();
|
||||||
|
|
||||||
$pre = $db->f("parentid");
|
$pre = $db->f("parentid");
|
||||||
|
|
||||||
if($parentid == $pre)
|
if ($parentid == $pre) {
|
||||||
{
|
return true;
|
||||||
return true;
|
} else {
|
||||||
}
|
return false;
|
||||||
else
|
}
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function getParent($preid, &$db) {
|
function getParent($preid, &$db) {
|
||||||
|
|
||||||
global $cfg, $client, $lang;
|
global $cfg, $client, $lang;
|
||||||
|
|
||||||
// SECURITY-FIX
|
// SECURITY-FIX
|
||||||
$sql = "SELECT
|
$sql = "SELECT
|
||||||
a.parentid
|
a.parentid
|
||||||
FROM
|
FROM
|
||||||
".$cfg["tab"]["cat"]." AS a,
|
" . $cfg["tab"]["cat"] . " AS a,
|
||||||
".$cfg["tab"]["cat_lang"]." AS b
|
" . $cfg["tab"]["cat_lang"] . " AS b
|
||||||
WHERE
|
WHERE
|
||||||
a.idclient = '".Contenido_Security::escapeDB($client, $db)."' AND
|
a.idclient = '" . Contenido_Security::escapeDB($client, $db) . "' AND
|
||||||
b.idlang = '".Contenido_Security::escapeDB($lang, $db)."' AND
|
b.idlang = '" . Contenido_Security::escapeDB($lang, $db) . "' AND
|
||||||
a.idcat = b.idcat AND
|
a.idcat = b.idcat AND
|
||||||
a.idcat = '".Contenido_Security::escapeDB($preid, $db)."'";
|
a.idcat = '" . Contenido_Security::escapeDB($preid, $db) . "'";
|
||||||
|
|
||||||
$db->query($sql);
|
$db->query($sql);
|
||||||
|
|
||||||
if ($db->next_record())
|
|
||||||
{
|
|
||||||
return $db->f("parentid");
|
|
||||||
}else
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
if ($db->next_record()) {
|
||||||
|
return $db->f("parentid");
|
||||||
|
} else {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
function getLevel($catid, &$db)
|
function getLevel($catid, &$db) {
|
||||||
{
|
global $cfg, $client, $lang;
|
||||||
global $cfg, $client, $lang;
|
|
||||||
|
|
||||||
// SECURITY-FIX
|
// SECURITY-FIX
|
||||||
$sql = "SELECT
|
$sql = "SELECT
|
||||||
level
|
level
|
||||||
FROM
|
FROM
|
||||||
".$cfg["tab"]["cat_tree"]."
|
" . $cfg["tab"]["cat_tree"] . "
|
||||||
WHERE
|
WHERE
|
||||||
idcat = '". Contenido_Security::escapeDB($catid, $db)."' ";
|
idcat = '" . Contenido_Security::escapeDB($catid, $db) . "' ";
|
||||||
|
|
||||||
$db->query($sql);
|
|
||||||
|
|
||||||
if ($db->next_record())
|
$db->query($sql);
|
||||||
{
|
|
||||||
return $db->f("level");
|
if ($db->next_record()) {
|
||||||
}else
|
return $db->f("level");
|
||||||
{
|
} else {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return path of a given category up to a certain level
|
* Return path of a given category up to a certain level
|
||||||
*/
|
*/
|
||||||
function getCategoryPath($cat_id, $level, $reverse = true, &$db) {
|
function getCategoryPath($cat_id, $level, $reverse = true, &$db) {
|
||||||
$root_path = array();
|
$root_path = array();
|
||||||
|
|
||||||
array_push($root_path, $cat_id);
|
array_push($root_path, $cat_id);
|
||||||
|
|
||||||
$parent_id = $cat_id;
|
$parent_id = $cat_id;
|
||||||
|
|
||||||
while (getLevel($parent_id, $db) != false AND getLevel($parent_id, $db) > $level AND getLevel($parent_id, $db) >= 0)
|
while (getLevel($parent_id, $db) != false AND getLevel($parent_id, $db) > $level AND getLevel($parent_id, $db) >= 0) {
|
||||||
{
|
|
||||||
|
$parent_id = getParent($parent_id, $db);
|
||||||
$parent_id = getParent($parent_id, $db);
|
if ($parent_id != false) {
|
||||||
if ($parent_id != false)
|
array_push($root_path, $parent_id);
|
||||||
{
|
}
|
||||||
array_push($root_path, $parent_id);
|
}
|
||||||
}
|
|
||||||
|
if ($reverse == true) {
|
||||||
}
|
$root_path = array_reverse($root_path);
|
||||||
|
}
|
||||||
if ($reverse == true)
|
|
||||||
{
|
return $root_path;
|
||||||
$root_path = array_reverse($root_path);
|
|
||||||
}
|
|
||||||
|
|
||||||
return $root_path;
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return location string of a given category
|
* Return location string of a given category
|
||||||
*/
|
*/
|
||||||
function getLocationString($iStartCat, $level, $seperator, $sLinkStyleClass, $sTextStyleClass, $fullweblink = false, $reverse = true, $mod_rewrite = true, $db)
|
function getLocationString($iStartCat, $level, $seperator, $sLinkStyleClass, $sTextStyleClass, $fullweblink = false, $reverse = true, $mod_rewrite = true, $db) {
|
||||||
{
|
global $sess, $cfgClient, $client;
|
||||||
global $sess, $cfgClient, $client;
|
|
||||||
|
|
||||||
$aCatPath = getCategoryPath($iStartCat, $level, $reverse, $db);
|
|
||||||
|
|
||||||
if(is_array($aCatPath) AND count($aCatPath) > 0)
|
|
||||||
{
|
|
||||||
$aLocation = array();
|
|
||||||
foreach($aCatPath as $value)
|
|
||||||
{
|
|
||||||
if (!$fullweblink)
|
|
||||||
{
|
|
||||||
if ($mod_rewrite == true)
|
|
||||||
{
|
|
||||||
$linkUrl = $sess->url("index-a-$value.html");
|
|
||||||
}else
|
|
||||||
{
|
|
||||||
$linkUrl = $sess->url("front_content.php?idcat=$value");
|
|
||||||
}
|
|
||||||
}else
|
|
||||||
{
|
|
||||||
if ($mod_rewrite == true)
|
|
||||||
{
|
|
||||||
$linkUrl = $sess->url($cfgClient[$client]["path"]["htmlpath"] . "index-a-$value.html");
|
|
||||||
}else
|
|
||||||
{
|
|
||||||
$linkUrl = $sess->url($cfgClient[$client]["path"]["htmlpath"] . "front_content.php?idcat=$value");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
$name = getCategoryName($value, $db);
|
|
||||||
$aLocation[] = '<a href="'.$linkUrl.'" class="'.$sLinkStyleClass.'"><nobr>'.$name.'</nobr></a>';
|
|
||||||
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$sLocation = implode($seperator, $aLocation);
|
|
||||||
$sLocation = '<span class="'.$sTextStyleClass.'">'.$sLocation.'</span>';
|
|
||||||
|
|
||||||
|
|
||||||
return $sLocation;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
$aCatPath = getCategoryPath($iStartCat, $level, $reverse, $db);
|
||||||
|
|
||||||
|
if (is_array($aCatPath) AND count($aCatPath) > 0) {
|
||||||
|
$aLocation = array();
|
||||||
|
foreach ($aCatPath as $value) {
|
||||||
|
if (!$fullweblink) {
|
||||||
|
if ($mod_rewrite == true) {
|
||||||
|
$linkUrl = $sess->url("index-a-$value.html");
|
||||||
|
} else {
|
||||||
|
$linkUrl = $sess->url("front_content.php?idcat=$value");
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if ($mod_rewrite == true) {
|
||||||
|
$linkUrl = $sess->url($cfgClient[$client]["path"]["htmlpath"] . "index-a-$value.html");
|
||||||
|
} else {
|
||||||
|
$linkUrl = $sess->url($cfgClient[$client]["path"]["htmlpath"] . "front_content.php?idcat=$value");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$name = getCategoryName($value, $db);
|
||||||
|
$aLocation[] = '<a href="' . $linkUrl . '" class="' . $sLinkStyleClass . '"><nobr>' . $name . '</nobr></a>';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$sLocation = implode($seperator, $aLocation);
|
||||||
|
$sLocation = '<span class="' . $sTextStyleClass . '">' . $sLocation . '</span>';
|
||||||
|
|
||||||
|
|
||||||
|
return $sLocation;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
|
@ -296,38 +263,33 @@ function getLocationString($iStartCat, $level, $seperator, $sLinkStyleClass, $sT
|
||||||
*
|
*
|
||||||
* @copyright four for business AG <www.4fb.de>
|
* @copyright four for business AG <www.4fb.de>
|
||||||
*/
|
*/
|
||||||
|
function getSubTree($idcat_start, $db) {
|
||||||
function getSubTree($idcat_start, $db)
|
|
||||||
{
|
|
||||||
global $client, $cfg;
|
global $client, $cfg;
|
||||||
|
|
||||||
// SECURITY-FIX
|
// SECURITY-FIX
|
||||||
$sql = "SELECT
|
$sql = "SELECT
|
||||||
B.idcat, A.level
|
B.idcat, A.level
|
||||||
FROM
|
FROM
|
||||||
".$cfg["tab"]["cat_tree"]." AS A,
|
" . $cfg["tab"]["cat_tree"] . " AS A,
|
||||||
".$cfg["tab"]["cat"]." AS B
|
" . $cfg["tab"]["cat"] . " AS B
|
||||||
WHERE
|
WHERE
|
||||||
A.idcat = B.idcat AND
|
A.idcat = B.idcat AND
|
||||||
idclient = '". Contenido_Security::escapeDB($client, $db)."'
|
idclient = '" . Contenido_Security::escapeDB($client, $db) . "'
|
||||||
ORDER BY
|
ORDER BY
|
||||||
idtree";
|
idtree";
|
||||||
|
|
||||||
$db->query($sql);
|
$db->query($sql);
|
||||||
|
|
||||||
$subCats = false;
|
$subCats = false;
|
||||||
$curLevel = 0;
|
$curLevel = 0;
|
||||||
while ($db->next_record())
|
while ($db->next_record()) {
|
||||||
{
|
if ($db->f("idcat") == $idcat_start) {
|
||||||
if ($db->f("idcat") == $idcat_start)
|
$curLevel = $db->f("level");
|
||||||
{
|
$subCats = true;
|
||||||
$curLevel = $db->f("level");
|
} else if ($db->f("level") <= $curLevel) { // ending part of tree
|
||||||
$subCats = true;
|
$subCats = false;
|
||||||
} else if ($db->f("level") <= $curLevel) // ending part of tree
|
}
|
||||||
{
|
|
||||||
$subCats = false;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($subCats == true) { //echo "true"; echo $db->f("idcat"); echo "<br>";
|
if ($subCats == true) { //echo "true"; echo $db->f("idcat"); echo "<br>";
|
||||||
$deeper_cats[] = $db->f("idcat");
|
$deeper_cats[] = $db->f("idcat");
|
||||||
}
|
}
|
||||||
|
@ -335,39 +297,36 @@ function getSubTree($idcat_start, $db)
|
||||||
return $deeper_cats;
|
return $deeper_cats;
|
||||||
}
|
}
|
||||||
|
|
||||||
function getTeaserDeeperCategories($iIdcat, $db)
|
function getTeaserDeeperCategories($iIdcat, $db) {
|
||||||
{
|
global $client, $cfg, $lang;
|
||||||
global $client, $cfg, $lang;
|
|
||||||
|
// SECURITY-FIX
|
||||||
// SECURITY-FIX
|
$sql = "SELECT
|
||||||
$sql = "SELECT
|
|
||||||
B.parentid, B.idcat
|
B.parentid, B.idcat
|
||||||
FROM
|
FROM
|
||||||
".$cfg["tab"]["cat_tree"]." AS A,
|
" . $cfg["tab"]["cat_tree"] . " AS A,
|
||||||
".$cfg["tab"]["cat"]." AS B,
|
" . $cfg["tab"]["cat"] . " AS B,
|
||||||
".$cfg["tab"]["cat_lang"]." AS C
|
" . $cfg["tab"]["cat_lang"] . " AS C
|
||||||
WHERE
|
WHERE
|
||||||
A.idcat = B.idcat AND
|
A.idcat = B.idcat AND
|
||||||
B.idcat = C.idcat AND
|
B.idcat = C.idcat AND
|
||||||
C.idlang = '". Contenido_Security::escapeDB($lang, $db)."' AND
|
C.idlang = '" . Contenido_Security::escapeDB($lang, $db) . "' AND
|
||||||
C.visible = '1' AND
|
C.visible = '1' AND
|
||||||
B.idclient = '". Contenido_Security::escapeDB($client, $db) ."'
|
B.idclient = '" . Contenido_Security::escapeDB($client, $db) . "'
|
||||||
ORDER BY
|
ORDER BY
|
||||||
idtree";
|
idtree";
|
||||||
$db->query($sql);
|
$db->query($sql);
|
||||||
|
|
||||||
|
$subCats = false;
|
||||||
|
$curLevel = 0;
|
||||||
|
while ($db->next_record()) {
|
||||||
|
if ($db->f("idcat") == $iIdcat) {
|
||||||
|
$curLevel = $db->f("level");
|
||||||
|
$subCats = true;
|
||||||
|
} else if ($curLevel == $db->f("level")) { // ending part of tree
|
||||||
|
$subCats = false;
|
||||||
|
}
|
||||||
|
|
||||||
$subCats = false;
|
|
||||||
$curLevel = 0;
|
|
||||||
while ($db->next_record()) {
|
|
||||||
if ($db->f("idcat") == $iIdcat)
|
|
||||||
{
|
|
||||||
$curLevel = $db->f("level");
|
|
||||||
$subCats = true;
|
|
||||||
} else if ($curLevel == $db->f("level")) // ending part of tree
|
|
||||||
{
|
|
||||||
$subCats = false;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($subCats == true) {
|
if ($subCats == true) {
|
||||||
$deeper_cats[] = $db->f("idcat");
|
$deeper_cats[] = $db->f("idcat");
|
||||||
}
|
}
|
||||||
|
@ -384,42 +343,38 @@ function getTeaserDeeperCategories($iIdcat, $db)
|
||||||
*
|
*
|
||||||
* @copyright four for business AG <www.4fb.de>
|
* @copyright four for business AG <www.4fb.de>
|
||||||
*/
|
*/
|
||||||
|
function getProtectedSubTree($idcat_start, $db) {
|
||||||
function getProtectedSubTree($idcat_start, $db)
|
|
||||||
{
|
|
||||||
global $client, $cfg, $lang;
|
global $client, $cfg, $lang;
|
||||||
|
|
||||||
// SECURITY-FIX
|
// SECURITY-FIX
|
||||||
$sql = "SELECT
|
$sql = "SELECT
|
||||||
B.parentid, B.idcat
|
B.parentid, B.idcat
|
||||||
FROM
|
FROM
|
||||||
".$cfg["tab"]["cat_tree"]." AS A,
|
" . $cfg["tab"]["cat_tree"] . " AS A,
|
||||||
".$cfg["tab"]["cat"]." AS B,
|
" . $cfg["tab"]["cat"] . " AS B,
|
||||||
".$cfg["tab"]["cat_lang"]." AS C
|
" . $cfg["tab"]["cat_lang"] . " AS C
|
||||||
WHERE
|
WHERE
|
||||||
A.idcat = B.idcat AND
|
A.idcat = B.idcat AND
|
||||||
B.idcat = C.idcat AND
|
B.idcat = C.idcat AND
|
||||||
C.idlang = '".Contenido_Security::escapeDB($lang, $db)."' AND
|
C.idlang = '" . Contenido_Security::escapeDB($lang, $db) . "' AND
|
||||||
C.visible = '1' AND
|
C.visible = '1' AND
|
||||||
C.public = '1' AND
|
C.public = '1' AND
|
||||||
B.idclient = '".Contenido_Security::escapeDB($client, $db)."'
|
B.idclient = '" . Contenido_Security::escapeDB($client, $db) . "'
|
||||||
ORDER BY
|
ORDER BY
|
||||||
idtree";
|
idtree";
|
||||||
|
|
||||||
$db->query($sql);
|
$db->query($sql);
|
||||||
|
|
||||||
$subCats = false;
|
$subCats = false;
|
||||||
$curLevel = 0;
|
$curLevel = 0;
|
||||||
while ( $db->next_record() ) {
|
while ($db->next_record()) {
|
||||||
if ($db->f("idcat") == $idcat_start)
|
if ($db->f("idcat") == $idcat_start) {
|
||||||
{
|
$curLevel = $db->f("level");
|
||||||
$curLevel = $db->f("level");
|
$subCats = true;
|
||||||
$subCats = true;
|
} else if ($curLevel == $db->f("level")) { // ending part of tree
|
||||||
} else if ($curLevel == $db->f("level")) // ending part of tree
|
$subCats = false;
|
||||||
{
|
}
|
||||||
$subCats = false;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($subCats == true) { //echo "true"; echo $db->f("idcat"); echo "<br>";
|
if ($subCats == true) { //echo "true"; echo $db->f("idcat"); echo "<br>";
|
||||||
$deeper_cats[] = $db->f("idcat");
|
$deeper_cats[] = $db->f("idcat");
|
||||||
}
|
}
|
||||||
|
@ -427,42 +382,37 @@ function getProtectedSubTree($idcat_start, $db)
|
||||||
return $deeper_cats;
|
return $deeper_cats;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return category name
|
* Return category name
|
||||||
*/
|
*/
|
||||||
|
|
||||||
function getCategoryName($cat_id, &$db) {
|
function getCategoryName($cat_id, &$db) {
|
||||||
|
|
||||||
global $cfg, $client, $lang;
|
global $cfg, $client, $lang;
|
||||||
|
|
||||||
// SECURITY-FIX
|
// SECURITY-FIX
|
||||||
$sql = "SELECT
|
$sql = "SELECT
|
||||||
*
|
*
|
||||||
FROM
|
FROM
|
||||||
".$cfg["tab"]["cat"]." AS A,
|
" . $cfg["tab"]["cat"] . " AS A,
|
||||||
".$cfg["tab"]["cat_lang"]." AS B
|
" . $cfg["tab"]["cat_lang"] . " AS B
|
||||||
WHERE
|
WHERE
|
||||||
A.idcat = B.idcat AND
|
A.idcat = B.idcat AND
|
||||||
A.idcat = '". Contenido_Security::escapeDB($cat_id, $db)."' AND
|
A.idcat = '" . Contenido_Security::escapeDB($cat_id, $db) . "' AND
|
||||||
A.idclient = '".Contenido_Security::escapeDB($client, $db)."' AND
|
A.idclient = '" . Contenido_Security::escapeDB($client, $db) . "' AND
|
||||||
B.idlang = '".Contenido_Security::escapeDB($lang, $db)."'
|
B.idlang = '" . Contenido_Security::escapeDB($lang, $db) . "'
|
||||||
";
|
";
|
||||||
|
|
||||||
$db->query($sql);
|
$db->query($sql);
|
||||||
|
|
||||||
if ($db->next_record())
|
if ($db->next_record()) {
|
||||||
{
|
$cat_name = $db->f("name");
|
||||||
$cat_name = $db->f("name");
|
return $cat_name;
|
||||||
return $cat_name;
|
} else {
|
||||||
|
return '';
|
||||||
}
|
}
|
||||||
else
|
}
|
||||||
{
|
|
||||||
return '';
|
// end function
|
||||||
}
|
|
||||||
|
|
||||||
} // end function
|
|
||||||
|
|
||||||
// get direct subcategories of a given category
|
// get direct subcategories of a given category
|
||||||
function getSubCategories($parent_id, $db) {
|
function getSubCategories($parent_id, $db) {
|
||||||
|
@ -470,37 +420,36 @@ function getSubCategories($parent_id, $db) {
|
||||||
$subcategories = array();
|
$subcategories = array();
|
||||||
|
|
||||||
global $cfg, $client, $lang;
|
global $cfg, $client, $lang;
|
||||||
|
|
||||||
// SECURITY-FIX
|
// SECURITY-FIX
|
||||||
$sql = "SELECT
|
$sql = "SELECT
|
||||||
A.idcat
|
A.idcat
|
||||||
FROM
|
FROM
|
||||||
".$cfg["tab"]["cat_tree"]." AS A,
|
" . $cfg["tab"]["cat_tree"] . " AS A,
|
||||||
".$cfg["tab"]["cat"]." AS B,
|
" . $cfg["tab"]["cat"] . " AS B,
|
||||||
".$cfg["tab"]["cat_lang"]." AS C
|
" . $cfg["tab"]["cat_lang"] . " AS C
|
||||||
WHERE
|
WHERE
|
||||||
A.idcat = B.idcat AND
|
A.idcat = B.idcat AND
|
||||||
B.idcat = C.idcat AND
|
B.idcat = C.idcat AND
|
||||||
B.idclient = '". Contenido_Security::escapeDB($client, $db)."' AND
|
B.idclient = '" . Contenido_Security::escapeDB($client, $db) . "' AND
|
||||||
C.idlang = '".Contenido_Security::escapeDB($lang, $db)."' AND
|
C.idlang = '" . Contenido_Security::escapeDB($lang, $db) . "' AND
|
||||||
C.visible = '1' AND
|
C.visible = '1' AND
|
||||||
C.public = '1' AND
|
C.public = '1' AND
|
||||||
B.parentid = '".Contenido_Security::escapeDB($parent_id, $db)."'
|
B.parentid = '" . Contenido_Security::escapeDB($parent_id, $db) . "'
|
||||||
ORDER BY
|
ORDER BY
|
||||||
A.idtree";
|
A.idtree";
|
||||||
|
|
||||||
$db->query($sql);
|
$db->query($sql);
|
||||||
|
|
||||||
while ( $db->next_record() ) {
|
while ($db->next_record()) {
|
||||||
|
|
||||||
$subcategories[] = $db->f("idcat");
|
$subcategories[] = $db->f("idcat");
|
||||||
|
|
||||||
} // end while
|
} // end while
|
||||||
|
|
||||||
return $subcategories;
|
return $subcategories;
|
||||||
|
}
|
||||||
} // end function
|
|
||||||
|
|
||||||
|
// end function
|
||||||
|
|
||||||
// get direct subcategories with protected categories
|
// get direct subcategories with protected categories
|
||||||
function getProtectedSubCategories($parent_id, $db) {
|
function getProtectedSubCategories($parent_id, $db) {
|
||||||
|
@ -514,59 +463,59 @@ function getProtectedSubCategories($parent_id, $db) {
|
||||||
$sql = "SELECT
|
$sql = "SELECT
|
||||||
A.idcat
|
A.idcat
|
||||||
FROM
|
FROM
|
||||||
".$cfg["tab"]["cat_tree"]." AS A,
|
" . $cfg["tab"]["cat_tree"] . " AS A,
|
||||||
".$cfg["tab"]["cat"]." AS B,
|
" . $cfg["tab"]["cat"] . " AS B,
|
||||||
".$cfg["tab"]["cat_lang"]." AS C
|
" . $cfg["tab"]["cat_lang"] . " AS C
|
||||||
WHERE
|
WHERE
|
||||||
A.idcat = B.idcat AND
|
A.idcat = B.idcat AND
|
||||||
B.idcat = C.idcat AND
|
B.idcat = C.idcat AND
|
||||||
B.idclient = '".Contenido_Security::escapeDB($client, $db)."' AND
|
B.idclient = '" . Contenido_Security::escapeDB($client, $db) . "' AND
|
||||||
C.idlang = '".Contenido_Security::escapeDB($lang, $db)."' AND
|
C.idlang = '" . Contenido_Security::escapeDB($lang, $db) . "' AND
|
||||||
B.parentid = '".Contenido_Security::escapeDB($parent_id, $db)."'
|
B.parentid = '" . Contenido_Security::escapeDB($parent_id, $db) . "'
|
||||||
ORDER BY
|
ORDER BY
|
||||||
A.idtree";
|
A.idtree";
|
||||||
|
|
||||||
$db->query($sql);
|
$db->query($sql);
|
||||||
|
|
||||||
while ( $db->next_record() ) {
|
while ($db->next_record()) {
|
||||||
|
|
||||||
$subcategories[] = $db->f("idcat");
|
$subcategories[] = $db->f("idcat");
|
||||||
|
|
||||||
} // end while
|
} // end while
|
||||||
|
|
||||||
return $subcategories;
|
return $subcategories;
|
||||||
|
}
|
||||||
|
|
||||||
} // end function
|
// end function
|
||||||
|
|
||||||
function checkCatPermission($idcatlang, $public) {
|
function checkCatPermission($idcatlang, $public) {
|
||||||
#Check if current user has permissions to access cat
|
#Check if current user has permissions to access cat
|
||||||
|
|
||||||
global $auth;
|
global $auth;
|
||||||
|
|
||||||
$oDB = new DB_Contenido;
|
|
||||||
|
|
||||||
$FrontendPermissionCollection = new FrontendPermissionCollection;
|
|
||||||
$visible=false;
|
|
||||||
|
|
||||||
if($public!=0){
|
$oDB = new DB_ConLite();
|
||||||
$visible = true;
|
|
||||||
}elseif(($auth->auth['uid']!='')&&($auth->auth['uid']!='nobody')){
|
$FrontendPermissionCollection = new FrontendPermissionCollection;
|
||||||
$FrontendGroupMemberCollection = new FrontendGroupMemberCollection;
|
$visible = false;
|
||||||
$FrontendGroupMemberCollection->setWhere("idfrontenduser",$auth->auth['uid']);
|
|
||||||
$FrontendGroupMemberCollection->query();
|
if ($public != 0) {
|
||||||
$groups = array();
|
$visible = true;
|
||||||
while ($member = $FrontendGroupMemberCollection->next()){
|
$groups = array();
|
||||||
$groups[] = $member->get("idfrontendgroup");
|
} elseif (($auth->auth['uid'] != '') && ($auth->auth['uid'] != 'nobody')) {
|
||||||
}
|
$FrontendGroupMemberCollection = new FrontendGroupMemberCollection;
|
||||||
}
|
$FrontendGroupMemberCollection->setWhere("idfrontenduser", $auth->auth['uid']);
|
||||||
if(count($groups)>0){
|
$FrontendGroupMemberCollection->query();
|
||||||
for($i=0;$i<count($groups);$i++){
|
$groups = array();
|
||||||
if($FrontendPermissionCollection->checkPerm($groups[$i],'category','access',$idcatlang, true)){
|
while ($member = $FrontendGroupMemberCollection->next()) {
|
||||||
$visible=true;
|
$groups[] = $member->get("idfrontendgroup");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
if (count($groups) > 0) {
|
||||||
|
for ($i = 0; $i < count($groups); $i++) {
|
||||||
return $visible;
|
if ($FrontendPermissionCollection->checkPerm($groups[$i], 'category', 'access', $idcatlang, true)) {
|
||||||
}
|
$visible = true;
|
||||||
?>
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return $visible;
|
||||||
|
}
|
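Review bot: In what appears to be the new side of `checkCatPermission`, `$groups` is assigned only inside the `if ($public != 0)` and `elseif` branches, so a visitor whose `uid` is empty or `'nobody'` and who requests a non-public category reaches `count($groups)` with the variable undefined. On PHP 7.2 and later that raises an undefined-variable notice plus a `count()` warning, and a TypeError on PHP 8. The result still fails closed because `$visible` stays false, but an access check should not depend on that accident. Initialise it once, with `$groups = array();` directly after `$visible = false;`, and drop the copy inside the public branch. `createNavigationArray` has the same gap inside its `while` loop, where `$groups` is set only in the `elseif` branch, so reset it at the top of each iteration there as well.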