#2879 Error when privacy settings enabled

v4.2.4
closed-fixed
Gerry Kroll
None
5
2011-10-03
2011-09-14
Blaza
No

There is a bug in the code. When privacy checks are made username is applied in DB queries instead of user_id.
These lines need to be fixed:
includes/functions/functions_privacy.php line 463, 488, 489

< if ($USE_RELATIONSHIP_PRIVACY || get_user_setting(PGV_USER_ID, 'relationship_privacy')=="Y") {
---
> if ($USE_RELATIONSHIP_PRIVACY || get_user_setting($username, 'relationship_privacy')=="Y") {
< if (get_user_setting(PGV_USER_ID, 'max_relation_path')>0) {
< $path_length = get_user_setting(PGV_USER_ID, 'max_relation_path');
---
> if (get_user_setting($username, 'max_relation_path')>0) {
> $path_length = get_user_setting($username, 'max_relation_path');

Discussion

  • Blaza
    Blaza
    2011-09-14

    Error visible on portal page:
    Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[22P02]: Invalid text representation: 7 ERROR: invalid input syntax for integer: "Karen"' in /includes/classes/class_pgv_db.php:835 Stack trace: #0 [internal function]: PDOStatement->execute(Array) #1 /includes/classes/class_pgv_db.php(835): call_user_func_array(Array, Array) #2 /includes/functions/functions_db.php(2745): PGV_DBStatement->__call('execute', Array) #3 /includes/functions/functions_db.php(2745): PGV_DBStatement->execute(Array) #4 /includes/functions/functions_privacy.php(463): get_user_setting('Karen', 'relationship_pr...') #5 /includes/functions/functions_privacy.php(818): displayDetailsById('I306', 'INDI') #6 /includes/classes/class_gedcomrecord.php(96): privatize_gedcom('0 @I306@ INDI?1...') #7 /includes/classes/class_person.php(77): Gedcom in /includes/classes/class_pgv_db.php on line 835

     
  • Gerry Kroll
    Gerry Kroll
    2011-10-03

    Thank you.

    Correction has been applied to SVN 7064.

     
  • Gerry Kroll
    Gerry Kroll
    2011-10-03

    • assigned_to: nobody --> canajun2eh
    • status: open --> closed-fixed