diff --git a/cms/includes/functions.navigation.php b/cms/includes/functions.navigation.php index 624a679..066a31d 100644 --- a/cms/includes/functions.navigation.php +++ b/cms/includes/functions.navigation.php @@ -1,4 +1,5 @@ query($sql); - while($db->next_record()) - { - $cat_id = $db->f("idcat"); - $cat_idlang = $db->f("idcatlang"); - $visible=false; - if($db->f("public")!=0){ - $visible = true; - }elseif(($auth->auth['uid']!='')&&($auth->auth['uid']!='nobody')){ - $FrontendGroupMemberCollection = new FrontendGroupMemberCollection; + while ($db->next_record()) { + $cat_id = $db->f("idcat"); + $cat_idlang = $db->f("idcatlang"); + $visible = false; + if ($db->f("public") != 0) { + $visible = true; + } elseif (($auth->auth['uid'] != '') && ($auth->auth['uid'] != 'nobody')) { + $FrontendGroupMemberCollection = new FrontendGroupMemberCollection; - $FrontendGroupMemberCollection->setWhere("idfrontenduser",$auth->auth['uid']); - $FrontendGroupMemberCollection->query(); - $groups = array(); - while ($member = $FrontendGroupMemberCollection->next()){ - $groups[] = $member->get("idfrontendgroup"); - } - } - if(count($groups)>0){ - for($i=0;$icheckPerm($groups[$i],'category','access',$cat_idlang, true)){ - $visible=true; - } - } - } - if($visible){ - $navigation[$cat_id] = array("idcat" => $cat_id, - "name" => $db->f("name"), - "target" => '_self', # you can not call getTarget($cat_id, &$db) at this point with the same db instance! - "public" => $db->f("public")); - } + $FrontendGroupMemberCollection->setWhere("idfrontenduser", $auth->auth['uid']); + $FrontendGroupMemberCollection->query(); + $groups = array(); + while ($member = $FrontendGroupMemberCollection->next()) { + $groups[] = $member->get("idfrontendgroup"); + } + } + if (count($groups) > 0) { + for ($i = 0; $i < count($groups); $i++) { + if ($FrontendPermissionCollection->checkPerm($groups[$i], 'category', 'access', $cat_idlang, true)) { + $visible = true; + } + } + } + if ($visible) { + $navigation[$cat_id] = array("idcat" => $cat_id, + "name" => $db->f("name"), + "target" => '_self', # you can not call getTarget($cat_id, &$db) at this point with the same db instance! + "public" => $db->f("public")); + } } // end while $db->free(); - return $navigation; + return $navigation; } - /** * Return target of a given category id * * @deprecated */ function getTarget($cat_id, $db) { - global $cfg, $client, $lang; + global $cfg, $client, $lang; // SECURITY-FIX $sql = "SELECT a.external_redirect AS ext FROM - ".$cfg["tab"]["art_lang"]." AS a, - ".$cfg["tab"]["cat_art"]." AS b, - ".$cfg["tab"]["cat"]." AS c + " . $cfg["tab"]["art_lang"] . " AS a, + " . $cfg["tab"]["cat_art"] . " AS b, + " . $cfg["tab"]["cat"] . " AS c WHERE - b.idcat = '".Contenido_Security::escapeDB($cat_id, $db)."' AND - c.idclient = '".Contenido_Security::escapeDB($client, $db)."' AND + b.idcat = '" . Contenido_Security::escapeDB($cat_id, $db) . "' AND + c.idclient = '" . Contenido_Security::escapeDB($client, $db) . "' AND c.idcat = b.idcat AND a.idart = b.idart AND - a.idlang = '".Contenido_Security::escapeDB($lang, $db)."'"; + a.idlang = '" . Contenido_Security::escapeDB($lang, $db) . "'"; - $db->query($sql); - $db->next_record(); + $db->query($sql); + $db->next_record(); - $target = ( $db->f('ext') == 0 ) ? '_self' : '_blank'; - - $db->free(); - return $target; + $target = ( $db->f('ext') == 0 ) ? '_self' : '_blank'; + + $db->free(); + return $target; } /** * Return true if $parentid is parent of $catid */ - function isParent($parentid, $catid, $db) { - - global $cfg, $client, $lang; - // SECURITY-FIX - $sql = "SELECT + + global $cfg, $client, $lang; + // SECURITY-FIX + $sql = "SELECT a.parentid FROM - ".$cfg["tab"]["cat"]." AS a, - ".$cfg["tab"]["cat_lang"]." AS b + " . $cfg["tab"]["cat"] . " AS a, + " . $cfg["tab"]["cat_lang"] . " AS b WHERE - a.idclient = '". Contenido_Security::escapeDB($client, $db)."' AND - b.idlang = '".Contenido_Security::escapeDB($lang, $db)."' AND + a.idclient = '" . Contenido_Security::escapeDB($client, $db) . "' AND + b.idlang = '" . Contenido_Security::escapeDB($lang, $db) . "' AND a.idcat = b.idcat AND - a.idcat = '".Contenido_Security::escapeDB($catid, $db)."'"; + a.idcat = '" . Contenido_Security::escapeDB($catid, $db) . "'"; - $db->query($sql); - $db->next_record(); + $db->query($sql); + $db->next_record(); - $pre = $db->f("parentid"); - - if($parentid == $pre) - { - return true; - } - else - { - return false; - } + $pre = $db->f("parentid"); + + if ($parentid == $pre) { + return true; + } else { + return false; + } } function getParent($preid, &$db) { - global $cfg, $client, $lang; + global $cfg, $client, $lang; // SECURITY-FIX - $sql = "SELECT + $sql = "SELECT a.parentid FROM - ".$cfg["tab"]["cat"]." AS a, - ".$cfg["tab"]["cat_lang"]." AS b + " . $cfg["tab"]["cat"] . " AS a, + " . $cfg["tab"]["cat_lang"] . " AS b WHERE - a.idclient = '".Contenido_Security::escapeDB($client, $db)."' AND - b.idlang = '".Contenido_Security::escapeDB($lang, $db)."' AND + a.idclient = '" . Contenido_Security::escapeDB($client, $db) . "' AND + b.idlang = '" . Contenido_Security::escapeDB($lang, $db) . "' AND a.idcat = b.idcat AND - a.idcat = '".Contenido_Security::escapeDB($preid, $db)."'"; + a.idcat = '" . Contenido_Security::escapeDB($preid, $db) . "'"; - $db->query($sql); - - if ($db->next_record()) - { - return $db->f("parentid"); - }else - { - return false; - } + $db->query($sql); + if ($db->next_record()) { + return $db->f("parentid"); + } else { + return false; + } } -function getLevel($catid, &$db) -{ - global $cfg, $client, $lang; +function getLevel($catid, &$db) { + global $cfg, $client, $lang; // SECURITY-FIX - $sql = "SELECT + $sql = "SELECT level FROM - ".$cfg["tab"]["cat_tree"]." + " . $cfg["tab"]["cat_tree"] . " WHERE - idcat = '". Contenido_Security::escapeDB($catid, $db)."' "; - - $db->query($sql); + idcat = '" . Contenido_Security::escapeDB($catid, $db) . "' "; - if ($db->next_record()) - { - return $db->f("level"); - }else - { - return false; - } - + $db->query($sql); + + if ($db->next_record()) { + return $db->f("level"); + } else { + return false; + } } - /** * Return path of a given category up to a certain level */ function getCategoryPath($cat_id, $level, $reverse = true, &$db) { - $root_path = array(); + $root_path = array(); - array_push($root_path, $cat_id); + array_push($root_path, $cat_id); - $parent_id = $cat_id; - - while (getLevel($parent_id, $db) != false AND getLevel($parent_id, $db) > $level AND getLevel($parent_id, $db) >= 0) - { - - $parent_id = getParent($parent_id, $db); - if ($parent_id != false) - { - array_push($root_path, $parent_id); - } - - } - - if ($reverse == true) - { - $root_path = array_reverse($root_path); - } - - return $root_path; - + $parent_id = $cat_id; + + while (getLevel($parent_id, $db) != false AND getLevel($parent_id, $db) > $level AND getLevel($parent_id, $db) >= 0) { + + $parent_id = getParent($parent_id, $db); + if ($parent_id != false) { + array_push($root_path, $parent_id); + } + } + + if ($reverse == true) { + $root_path = array_reverse($root_path); + } + + return $root_path; } - /** * Return location string of a given category */ -function getLocationString($iStartCat, $level, $seperator, $sLinkStyleClass, $sTextStyleClass, $fullweblink = false, $reverse = true, $mod_rewrite = true, $db) -{ - global $sess, $cfgClient, $client; - - $aCatPath = getCategoryPath($iStartCat, $level, $reverse, $db); - - if(is_array($aCatPath) AND count($aCatPath) > 0) - { - $aLocation = array(); - foreach($aCatPath as $value) - { - if (!$fullweblink) - { - if ($mod_rewrite == true) - { - $linkUrl = $sess->url("index-a-$value.html"); - }else - { - $linkUrl = $sess->url("front_content.php?idcat=$value"); - } - }else - { - if ($mod_rewrite == true) - { - $linkUrl = $sess->url($cfgClient[$client]["path"]["htmlpath"] . "index-a-$value.html"); - }else - { - $linkUrl = $sess->url($cfgClient[$client]["path"]["htmlpath"] . "front_content.php?idcat=$value"); - } - } - $name = getCategoryName($value, $db); - $aLocation[] = ''.$name.''; - - } - } - - $sLocation = implode($seperator, $aLocation); - $sLocation = ''.$sLocation.''; - - - return $sLocation; -} +function getLocationString($iStartCat, $level, $seperator, $sLinkStyleClass, $sTextStyleClass, $fullweblink = false, $reverse = true, $mod_rewrite = true, $db) { + global $sess, $cfgClient, $client; + $aCatPath = getCategoryPath($iStartCat, $level, $reverse, $db); + + if (is_array($aCatPath) AND count($aCatPath) > 0) { + $aLocation = array(); + foreach ($aCatPath as $value) { + if (!$fullweblink) { + if ($mod_rewrite == true) { + $linkUrl = $sess->url("index-a-$value.html"); + } else { + $linkUrl = $sess->url("front_content.php?idcat=$value"); + } + } else { + if ($mod_rewrite == true) { + $linkUrl = $sess->url($cfgClient[$client]["path"]["htmlpath"] . "index-a-$value.html"); + } else { + $linkUrl = $sess->url($cfgClient[$client]["path"]["htmlpath"] . "front_content.php?idcat=$value"); + } + } + $name = getCategoryName($value, $db); + $aLocation[] = '' . $name . ''; + } + } + + $sLocation = implode($seperator, $aLocation); + $sLocation = '' . $sLocation . ''; + + + return $sLocation; +} /** * @@ -296,38 +263,33 @@ function getLocationString($iStartCat, $level, $seperator, $sLinkStyleClass, $sT * * @copyright four for business AG */ - -function getSubTree($idcat_start, $db) -{ +function getSubTree($idcat_start, $db) { global $client, $cfg; // SECURITY-FIX $sql = "SELECT B.idcat, A.level FROM - ".$cfg["tab"]["cat_tree"]." AS A, - ".$cfg["tab"]["cat"]." AS B + " . $cfg["tab"]["cat_tree"] . " AS A, + " . $cfg["tab"]["cat"] . " AS B WHERE A.idcat = B.idcat AND - idclient = '". Contenido_Security::escapeDB($client, $db)."' + idclient = '" . Contenido_Security::escapeDB($client, $db) . "' ORDER BY idtree"; $db->query($sql); - $subCats = false; - $curLevel = 0; - while ($db->next_record()) - { - if ($db->f("idcat") == $idcat_start) - { - $curLevel = $db->f("level"); - $subCats = true; - } else if ($db->f("level") <= $curLevel) // ending part of tree - { - $subCats = false; - } - + $subCats = false; + $curLevel = 0; + while ($db->next_record()) { + if ($db->f("idcat") == $idcat_start) { + $curLevel = $db->f("level"); + $subCats = true; + } else if ($db->f("level") <= $curLevel) { // ending part of tree + $subCats = false; + } + if ($subCats == true) { //echo "true"; echo $db->f("idcat"); echo "
"; $deeper_cats[] = $db->f("idcat"); } @@ -335,39 +297,36 @@ function getSubTree($idcat_start, $db) return $deeper_cats; } -function getTeaserDeeperCategories($iIdcat, $db) -{ - global $client, $cfg, $lang; - - // SECURITY-FIX - $sql = "SELECT +function getTeaserDeeperCategories($iIdcat, $db) { + global $client, $cfg, $lang; + + // SECURITY-FIX + $sql = "SELECT B.parentid, B.idcat FROM - ".$cfg["tab"]["cat_tree"]." AS A, - ".$cfg["tab"]["cat"]." AS B, - ".$cfg["tab"]["cat_lang"]." AS C + " . $cfg["tab"]["cat_tree"] . " AS A, + " . $cfg["tab"]["cat"] . " AS B, + " . $cfg["tab"]["cat_lang"] . " AS C WHERE A.idcat = B.idcat AND B.idcat = C.idcat AND - C.idlang = '". Contenido_Security::escapeDB($lang, $db)."' AND + C.idlang = '" . Contenido_Security::escapeDB($lang, $db) . "' AND C.visible = '1' AND - B.idclient = '". Contenido_Security::escapeDB($client, $db) ."' + B.idclient = '" . Contenido_Security::escapeDB($client, $db) . "' ORDER BY idtree"; - $db->query($sql); + $db->query($sql); + + $subCats = false; + $curLevel = 0; + while ($db->next_record()) { + if ($db->f("idcat") == $iIdcat) { + $curLevel = $db->f("level"); + $subCats = true; + } else if ($curLevel == $db->f("level")) { // ending part of tree + $subCats = false; + } - $subCats = false; - $curLevel = 0; - while ($db->next_record()) { - if ($db->f("idcat") == $iIdcat) - { - $curLevel = $db->f("level"); - $subCats = true; - } else if ($curLevel == $db->f("level")) // ending part of tree - { - $subCats = false; - } - if ($subCats == true) { $deeper_cats[] = $db->f("idcat"); } @@ -384,42 +343,38 @@ function getTeaserDeeperCategories($iIdcat, $db) * * @copyright four for business AG */ - -function getProtectedSubTree($idcat_start, $db) -{ +function getProtectedSubTree($idcat_start, $db) { global $client, $cfg, $lang; - - // SECURITY-FIX + + // SECURITY-FIX $sql = "SELECT B.parentid, B.idcat FROM - ".$cfg["tab"]["cat_tree"]." AS A, - ".$cfg["tab"]["cat"]." AS B, - ".$cfg["tab"]["cat_lang"]." AS C + " . $cfg["tab"]["cat_tree"] . " AS A, + " . $cfg["tab"]["cat"] . " AS B, + " . $cfg["tab"]["cat_lang"] . " AS C WHERE A.idcat = B.idcat AND B.idcat = C.idcat AND - C.idlang = '".Contenido_Security::escapeDB($lang, $db)."' AND + C.idlang = '" . Contenido_Security::escapeDB($lang, $db) . "' AND C.visible = '1' AND C.public = '1' AND - B.idclient = '".Contenido_Security::escapeDB($client, $db)."' + B.idclient = '" . Contenido_Security::escapeDB($client, $db) . "' ORDER BY idtree"; - + $db->query($sql); - $subCats = false; - $curLevel = 0; - while ( $db->next_record() ) { - if ($db->f("idcat") == $idcat_start) - { - $curLevel = $db->f("level"); - $subCats = true; - } else if ($curLevel == $db->f("level")) // ending part of tree - { - $subCats = false; - } - + $subCats = false; + $curLevel = 0; + while ($db->next_record()) { + if ($db->f("idcat") == $idcat_start) { + $curLevel = $db->f("level"); + $subCats = true; + } else if ($curLevel == $db->f("level")) { // ending part of tree + $subCats = false; + } + if ($subCats == true) { //echo "true"; echo $db->f("idcat"); echo "
"; $deeper_cats[] = $db->f("idcat"); } @@ -427,42 +382,37 @@ function getProtectedSubTree($idcat_start, $db) return $deeper_cats; } - - /** * Return category name */ - function getCategoryName($cat_id, &$db) { - + global $cfg, $client, $lang; - - // SECURITY-FIX + + // SECURITY-FIX $sql = "SELECT * FROM - ".$cfg["tab"]["cat"]." AS A, - ".$cfg["tab"]["cat_lang"]." AS B + " . $cfg["tab"]["cat"] . " AS A, + " . $cfg["tab"]["cat_lang"] . " AS B WHERE A.idcat = B.idcat AND - A.idcat = '". Contenido_Security::escapeDB($cat_id, $db)."' AND - A.idclient = '".Contenido_Security::escapeDB($client, $db)."' AND - B.idlang = '".Contenido_Security::escapeDB($lang, $db)."' + A.idcat = '" . Contenido_Security::escapeDB($cat_id, $db) . "' AND + A.idclient = '" . Contenido_Security::escapeDB($client, $db) . "' AND + B.idlang = '" . Contenido_Security::escapeDB($lang, $db) . "' "; $db->query($sql); - - if ($db->next_record()) - { - $cat_name = $db->f("name"); - return $cat_name; + + if ($db->next_record()) { + $cat_name = $db->f("name"); + return $cat_name; + } else { + return ''; } - else - { - return ''; - } - -} // end function +} + +// end function // get direct subcategories of a given category function getSubCategories($parent_id, $db) { @@ -470,37 +420,36 @@ function getSubCategories($parent_id, $db) { $subcategories = array(); global $cfg, $client, $lang; - + // SECURITY-FIX $sql = "SELECT A.idcat FROM - ".$cfg["tab"]["cat_tree"]." AS A, - ".$cfg["tab"]["cat"]." AS B, - ".$cfg["tab"]["cat_lang"]." AS C + " . $cfg["tab"]["cat_tree"] . " AS A, + " . $cfg["tab"]["cat"] . " AS B, + " . $cfg["tab"]["cat_lang"] . " AS C WHERE A.idcat = B.idcat AND B.idcat = C.idcat AND - B.idclient = '". Contenido_Security::escapeDB($client, $db)."' AND - C.idlang = '".Contenido_Security::escapeDB($lang, $db)."' AND + B.idclient = '" . Contenido_Security::escapeDB($client, $db) . "' AND + C.idlang = '" . Contenido_Security::escapeDB($lang, $db) . "' AND C.visible = '1' AND C.public = '1' AND - B.parentid = '".Contenido_Security::escapeDB($parent_id, $db)."' + B.parentid = '" . Contenido_Security::escapeDB($parent_id, $db) . "' ORDER BY A.idtree"; $db->query($sql); - while ( $db->next_record() ) { + while ($db->next_record()) { $subcategories[] = $db->f("idcat"); - } // end while - return $subcategories; - -} // end function + return $subcategories; +} +// end function // get direct subcategories with protected categories function getProtectedSubCategories($parent_id, $db) { @@ -514,59 +463,59 @@ function getProtectedSubCategories($parent_id, $db) { $sql = "SELECT A.idcat FROM - ".$cfg["tab"]["cat_tree"]." AS A, - ".$cfg["tab"]["cat"]." AS B, - ".$cfg["tab"]["cat_lang"]." AS C + " . $cfg["tab"]["cat_tree"] . " AS A, + " . $cfg["tab"]["cat"] . " AS B, + " . $cfg["tab"]["cat_lang"] . " AS C WHERE A.idcat = B.idcat AND B.idcat = C.idcat AND - B.idclient = '".Contenido_Security::escapeDB($client, $db)."' AND - C.idlang = '".Contenido_Security::escapeDB($lang, $db)."' AND - B.parentid = '".Contenido_Security::escapeDB($parent_id, $db)."' + B.idclient = '" . Contenido_Security::escapeDB($client, $db) . "' AND + C.idlang = '" . Contenido_Security::escapeDB($lang, $db) . "' AND + B.parentid = '" . Contenido_Security::escapeDB($parent_id, $db) . "' ORDER BY A.idtree"; $db->query($sql); - while ( $db->next_record() ) { + while ($db->next_record()) { $subcategories[] = $db->f("idcat"); - } // end while - return $subcategories; + return $subcategories; +} -} // end function +// end function function checkCatPermission($idcatlang, $public) { - #Check if current user has permissions to access cat + #Check if current user has permissions to access cat - global $auth; - - $oDB = new DB_Contenido; - - $FrontendPermissionCollection = new FrontendPermissionCollection; - $visible=false; + global $auth; - if($public!=0){ - $visible = true; - }elseif(($auth->auth['uid']!='')&&($auth->auth['uid']!='nobody')){ - $FrontendGroupMemberCollection = new FrontendGroupMemberCollection; - $FrontendGroupMemberCollection->setWhere("idfrontenduser",$auth->auth['uid']); - $FrontendGroupMemberCollection->query(); - $groups = array(); - while ($member = $FrontendGroupMemberCollection->next()){ - $groups[] = $member->get("idfrontendgroup"); - } - } - if(count($groups)>0){ - for($i=0;$icheckPerm($groups[$i],'category','access',$idcatlang, true)){ - $visible=true; - } - } - } - - return $visible; -} -?> \ No newline at end of file + $oDB = new DB_ConLite(); + + $FrontendPermissionCollection = new FrontendPermissionCollection; + $visible = false; + + if ($public != 0) { + $visible = true; + $groups = array(); + } elseif (($auth->auth['uid'] != '') && ($auth->auth['uid'] != 'nobody')) { + $FrontendGroupMemberCollection = new FrontendGroupMemberCollection; + $FrontendGroupMemberCollection->setWhere("idfrontenduser", $auth->auth['uid']); + $FrontendGroupMemberCollection->query(); + $groups = array(); + while ($member = $FrontendGroupMemberCollection->next()) { + $groups[] = $member->get("idfrontendgroup"); + } + } + if (count($groups) > 0) { + for ($i = 0; $i < count($groups); $i++) { + if ($FrontendPermissionCollection->checkPerm($groups[$i], 'category', 'access', $idcatlang, true)) { + $visible = true; + } + } + } + + return $visible; +} \ No newline at end of file