From 0589fd287e3b3e29e70a73106c9c8404ea68a4b4 Mon Sep 17 00:00:00 2001
From: "o.pinke" <o.pinke@conlite.org>
Date: Fri, 10 Feb 2023 11:55:27 +0100
Subject: [PATCH] fixed bug with empty description

---
 conlite/includes/grouprights_lay.inc.php | 159 ++++++++++-------------
 conlite/includes/grouprights_mod.inc.php |   4 +-
 conlite/includes/grouprights_tpl.inc.php |   4 +-
 3 files changed, 74 insertions(+), 93 deletions(-)

diff --git a/conlite/includes/grouprights_lay.inc.php b/conlite/includes/grouprights_lay.inc.php
index 9bfc145..6b52fb3 100644
--- a/conlite/includes/grouprights_lay.inc.php
+++ b/conlite/includes/grouprights_lay.inc.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
  * Project: 
  * Contenido Content Management System
@@ -29,31 +30,28 @@
  * }}
  * 
  */
-
 if (!defined('CON_FRAMEWORK')) {
-	die('Illegal call');
+    die('Illegal call');
 }
 
 
 //notice $oTpl is filled and generated in file rights.inc.php this file renders $oTpl to browser
-include_once($cfg['path']['contenido'].'includes/grouprights.inc.php');
+include_once($cfg['path']['contenido'] . 'includes/grouprights.inc.php');
 
 //set the areas which are in use fore selecting these
-$possible_area = "'".implode("','", $area_tree[$perm->showareas("lay")])."'";
-$sql = "SELECT A.idarea, A.idaction, A.idcat, B.name, C.name FROM ".$cfg["tab"]["rights"]." AS A, ".$cfg["tab"]["area"]." AS B, ".$cfg["tab"]["actions"]." AS C WHERE user_id='".Contenido_Security::escapeDB($groupid, $db)."' AND idclient='".Contenido_Security::toInteger($rights_client)."' AND A.type = 1 AND idlang='".Contenido_Security::toInteger($rights_lang)."' AND B.idarea IN ($possible_area) AND idcat!='0' AND A.idaction = C.idaction AND A.idarea = C.idarea AND A.idarea = B.idarea";
+$possible_area = "'" . implode("','", $area_tree[$perm->showareas("lay")]) . "'";
+$sql = "SELECT A.idarea, A.idaction, A.idcat, B.name, C.name FROM " . $cfg["tab"]["rights"] . " AS A, " . $cfg["tab"]["area"] . " AS B, " . $cfg["tab"]["actions"] . " AS C WHERE user_id='" . Contenido_Security::escapeDB($groupid, $db) . "' AND idclient='" . Contenido_Security::toInteger($rights_client) . "' AND A.type = 1 AND idlang='" . Contenido_Security::toInteger($rights_lang) . "' AND B.idarea IN ($possible_area) AND idcat!='0' AND A.idaction = C.idaction AND A.idarea = C.idarea AND A.idarea = B.idarea";
 $db->query($sql);
-$rights_list_old = array ();
+$rights_list_old = array();
 while ($db->next_record()) { //set a new rights list fore this user
-	$rights_list_old[$db->f(3)."|".$db->f(4)."|".$db->f("idcat")] = "x";
+    $rights_list_old[$db->f(3) . "|" . $db->f(4) . "|" . $db->f("idcat")] = "x";
 }
-if (($perm->have_perm_area_action($area, $action)) && ($action == "user_edit"))
-{
-	saverights();
-}else {
-	if (!$perm->have_perm_area_action($area, $action))
-	{
-	$notification->displayNotification("error", i18n("Permission denied"));
-	}
+if (($perm->have_perm_area_action($area, $action)) && ($action == "user_edit")) {
+    saverights();
+} else {
+    if (!$perm->have_perm_area_action($area, $action)) {
+        $notification->displayNotification("error", i18n("Permission denied"));
+    }
 }
 
 // declare temp variables
@@ -65,52 +63,47 @@ $sTable = '';
 $sJsBefore .= "var itemids=new Array();
      var actareaids=new Array(); \n";
 
-if (($perm->have_perm_area_action($area, $action)) && ($action == "group_edit"))
-{
-	saverights();
-}else {
-	if (!$perm->have_perm_area_action($area, $action))
-	{
-		$notification->displayNotification("error", i18n("Permission denied"));
-	}
+if (($perm->have_perm_area_action($area, $action)) && ($action == "group_edit")) {
+    saverights();
+} else {
+    if (!$perm->have_perm_area_action($area, $action)) {
+        $notification->displayNotification("error", i18n("Permission denied"));
+    }
 }
 
 
-$colspan=0;
+$colspan = 0;
 
 $oTable = new Table($cfg["color"]["table_border"], "solid", 0, 2, $cfg["color"]["table_header"], $cfg["color"]["table_light"], $cfg["color"]["table_dark"], 0, 0);
 
 $sTable .= $oTable->start_table();
 $sTable .= $oTable->header_row();
 $sTable .= $oTable->header_cell(i18n("Layout name"));
-$sTable .= $oTable->header_cell(i18n("Description")); 
+$sTable .= $oTable->header_cell(i18n("Description"));
 
-$possible_areas=array();
+$possible_areas = array();
 $sCheckboxesRow = '';
 $aSecondHeaderRow = array();
 
 // look for possible actions   in mainarea []
-foreach($right_list["lay"] as $value2)
-{
-	//if there are some actions
-	if(is_array($value2["action"]))
-	//set the areas that are in use
-	foreach($value2["action"] as $key3 => $value3)
-	{
-		$possible_areas[$value2["perm"]]="";
-		$colspan++;
-		//set  the possible areas and actions for this areas
-		$sJsBefore .= "actareaids[\"$value3|".$value2["perm"]."\"]=\"x\";\n"; 
-		
-		//checkbox for the whole action
-		$sTable .= $oTable->header_cell($lngAct[$value2["perm"]][$value3]);
-		array_push($aSecondHeaderRow, "<input type=\"checkbox\" name=\"checkall_".$value2["perm"]."_$value3\" value=\"\" onClick=\"setRightsFor('".$value2["perm"]."','$value3','')\">");
+foreach ($right_list["lay"] as $value2) {
+    //if there are some actions
+    if (is_array($value2["action"]))
+    //set the areas that are in use
+        foreach ($value2["action"] as $key3 => $value3) {
+            $possible_areas[$value2["perm"]] = "";
+            $colspan++;
+            //set  the possible areas and actions for this areas
+            $sJsBefore .= "actareaids[\"$value3|" . $value2["perm"] . "\"]=\"x\";\n";
 
-	}
+            //checkbox for the whole action
+            $sTable .= $oTable->header_cell($lngAct[$value2["perm"]][$value3]);
+            array_push($aSecondHeaderRow, "<input type=\"checkbox\" name=\"checkall_" . $value2["perm"] . "_$value3\" value=\"\" onClick=\"setRightsFor('" . $value2["perm"] . "','$value3','')\">");
+        }
 }
 
-        //checkbox for all rights
-$sTable .= $oTable->header_cell(i18n("Check all"));  
+//checkbox for all rights
+$sTable .= $oTable->header_cell(i18n("Check all"));
 array_push($aSecondHeaderRow, "<input type=\"checkbox\" name=\"checkall\" value=\"\" onClick=\"setRightsForAll()\">");
 $sTable .= $oTable->end_row();
 
@@ -121,71 +114,59 @@ $sTable .= $oTable->header_cell('&nbsp', 'center', '', '', 0);
 $sTable .= $oTable->header_cell('&nbsp', 'center', '', '', 0);
 
 // Put the checkbox in the table
-foreach($aSecondHeaderRow as $value){
-	$sTable .= $oTable->header_cell($value, "center", "", "", 0);
+foreach ($aSecondHeaderRow as $value) {
+    $sTable .= $oTable->header_cell($value, "center", "", "", 0);
 }
 $sTable .= $oTable->end_row();
 
 //Select the itemid�s
-$sql = "SELECT * FROM ".$cfg["tab"]["lay"]." WHERE idclient='".Contenido_Security::toInteger($rights_client)."' ORDER BY name";
+$sql = "SELECT * FROM " . $cfg["tab"]["lay"] . " WHERE idclient='" . Contenido_Security::toInteger($rights_client) . "' ORDER BY name";
 $db->query($sql);
 
-
 while ($db->next_record()) {
 
-	$sTplName     = clHtmlEntities($db->f("name"));
-	$sDescription = clHtmlEntities($db->f("description"));
+    $sTplName = clHtmlEntities($db->f("name"));
+    $sDescription = empty($db->f("description")) ? '' : clHtmlEntities($db->f("description"));
+
+    $sTable .= $oTable->row();
+    $sTable .= $oTable->cell($sTplName, "", "", " class=\"td_rights0\"", false);
+    $sTable .= $oTable->cell($sDescription, "", "", " class=\"td_rights1\" style=\"white-space:normal; \"", false);
+
+    //set javscript array for itemids
+    $sJsBefore .= "itemids[\"" . $db->f("idlay") . "\"]=\"x\";\n";
+
+    // look for possible actions in mainarea[]
+    foreach ($right_list["lay"] as $value2) {
+
+        //if there area some
+        if (is_array($value2["action"]))
+            foreach ($value2["action"] as $key3 => $value3) {
+                //does the user have the right
+                if (in_array($value2["perm"] . "|$value3|" . $db->f("idlay"), array_keys($rights_list_old)))
+                    $checked = "checked=\"checked\"";
+                else
+                    $checked = "";
 
 
-	$sTable .= $oTable->row();
-	$sTable .= $oTable->cell($sTplName, "", "", " class=\"td_rights0\"", false);
-	$sTable .= $oTable->cell($sDescription, "", "", " class=\"td_rights1\" style=\"white-space:normal; \"", false);
-
-
-	//set javscript array for itemids
-	$sJsBefore .= "itemids[\"".$db->f("idlay")."\"]=\"x\";\n";
-
-	// look for possible actions in mainarea[]
-	foreach($right_list["lay"] as $value2)
-	{
-
-		//if there area some
-		if(is_array($value2["action"]))
-		foreach($value2["action"] as $key3 => $value3)
-		{
-		//does the user have the right
-		if(in_array($value2["perm"]."|$value3|".$db->f("idlay"),array_keys($rights_list_old)))
-		$checked="checked=\"checked\"";
-		else
-		$checked="";
-		
-		
-		//set the checkbox    the name consits of      areait+actionid+itemid
-		//"<input type=\"checkbox\"  name=\"rights_list[".$value2["perm"]."|$value3|".$db->f("idlay")."]\" value=\"x\" $checked>
-		 $sTable .= $oTable->cell("<input type=\"checkbox\"  name=\"rights_list[".$value2["perm"]."|$value3|".$db->f("idlay")."]\" value=\"x\" $checked>", "", "", " class=\"td_rights3\"", false );
-	
-		}
-	
-	
-	}
+                //set the checkbox    the name consits of      areait+actionid+itemid
+                //"<input type=\"checkbox\"  name=\"rights_list[".$value2["perm"]."|$value3|".$db->f("idlay")."]\" value=\"x\" $checked>
+                $sTable .= $oTable->cell("<input type=\"checkbox\"  name=\"rights_list[" . $value2["perm"] . "|$value3|" . $db->f("idlay") . "]\" value=\"x\" $checked>", "", "", " class=\"td_rights3\"", false);
+            }
+    }
 //checkbox for checking all actions fore this itemid
-	$sTable .= $oTable->cell("<input type=\"checkbox\" name=\"checkall_".$value2["perm"]."_".$value3."_".$db->f("idlay")."\" value=\"\" onClick=\"setRightsFor('".$value2["perm"]."','$value3','".$db->f("idlay")."')\">","", "", " class=\"td_rights3\"", false);
-	$sTable .= $oTable->end_row();
-
+    $sTable .= $oTable->cell("<input type=\"checkbox\" name=\"checkall_" . $value2["perm"] . "_" . $value3 . "_" . $db->f("idlay") . "\" value=\"\" onClick=\"setRightsFor('" . $value2["perm"] . "','$value3','" . $db->f("idlay") . "')\">", "", "", " class=\"td_rights3\"", false);
+    $sTable .= $oTable->end_row();
 }
 
 $sTable .= $oTable->end_row();
 $sTable .= $oTable->row();
-$sTable .= $oTable->sumcell("<a href=javascript:submitrightsform('','area')><img src=\"".$cfg['path']['images']."but_cancel.gif\" border=0></a><img src=\"images/spacer.gif\" width=\"20\"> <a href=javascript:submitrightsform('group_edit','')><img src=\"".$cfg['path']['images']."but_ok.gif\" border=0></a>","right");
+$sTable .= $oTable->sumcell("<a href=javascript:submitrightsform('','area')><img src=\"" . $cfg['path']['images'] . "but_cancel.gif\" border=0></a><img src=\"images/spacer.gif\" width=\"20\"> <a href=javascript:submitrightsform('group_edit','')><img src=\"" . $cfg['path']['images'] . "but_ok.gif\" border=0></a>", "right");
 $sTable .= $oTable->end_row();
 $sTable .= $oTable->end_table();
 
-
 // generate Template
 $oTpl->set('s', 'JS_SCRIPT_BEFORE', $sJsBefore);
 $oTpl->set('s', 'JS_SCRIPT_AFTER', $sJsAfter);
 $oTpl->set('s', 'RIGHTS_CONTENT', $sTable);
 $oTpl->set('s', 'EXTERNAL_SCRIPTS', $sJsExternal);
-$oTpl->generate('templates/standard/'.$cfg['templates']['rights_inc']);
-
-?>
+$oTpl->generate('templates/standard/' . $cfg['templates']['rights_inc']);
\ No newline at end of file
diff --git a/conlite/includes/grouprights_mod.inc.php b/conlite/includes/grouprights_mod.inc.php
index 2d17fad..7752eb6 100644
--- a/conlite/includes/grouprights_mod.inc.php
+++ b/conlite/includes/grouprights_mod.inc.php
@@ -116,8 +116,8 @@ $db->query($sql);
 
 while ($db->next_record()) {
 
-        $tplname     = clHtmlEntities($db->f("name"));
-        $description = clHtmlEntities($db->f("description"));
+        $tplname     = clHtmlEntities($db->f("name"));     
+        $description = empty($db->f("description"))?'':clHtmlEntities($db->f("description"));
 
         $sTable .= $table->row();
         $sTable .= $table->cell($tplname,"", "", " class=\"td_rights0\"", false);
diff --git a/conlite/includes/grouprights_tpl.inc.php b/conlite/includes/grouprights_tpl.inc.php
index dbe6fac..b6d47fb 100644
--- a/conlite/includes/grouprights_tpl.inc.php
+++ b/conlite/includes/grouprights_tpl.inc.php
@@ -121,8 +121,8 @@ $db->query($sql);
 
 while ($db->next_record()) {
 
-        $tplname     = clHtmlEntities($db->f("name"));
-        $description = clHtmlEntities($db->f("description"));
+        $tplname     = clHtmlEntities($db->f("name"));     
+        $description = empty($db->f("description"))?'':clHtmlEntities($db->f("description"));
 
         $sTable .= $table->row();
         $sTable .= $table->cell($tplname,"", "", " class=\"td_rights0\"", false);