Tracker: Bugs
Subjects can change subject-pool ID to any value upon registration by
amending get query (/participant_create.php?s=1&dr=Yes), or by amending the
form hidden values afterwards. Though tagsets/participant.php has some
subpool ID validity check it does not amend the hidden parameter in the
form. What have to be changed:
First, tagsets/participant.php, function 'participant__form':
Now:
if (!$subpool['subpool_id']){
$subpool=orsee_db_load_array("subpools",1,"subpool_id");
Should be:
if (!$subpool['subpool_id']){
$subpool=orsee_db_load_array("subpools",1,"subpool_id");
$_REQUEST['subpool_id'] = $subpool['subpool_id'];
}
Second, public/participant_create.php, $_REQUEST['add'] processing:
The following should be added anywhere before $participant=$_REQUEST
assignment:
if (!$_REQUEST['subpool_id'])
$_REQUEST['subpool_id']=$settings['subpool_default_registration_id'];
$subpool=orsee_db_load_array("subpools",$_REQUEST['subpool_id'],"subpool_i
d");
if (!$subpool['subpool_id']){
$subpool=orsee_db_load_array("subpools",1,"subpool_id");
$_REQUEST['subpool_id'] = $subpool['subpool_id'];
}
Third, public/participant_edit.php, $_REQUEST['add'] processing:
Given that there is no possibility of changing sub-pool in the subject's
details editing form, and unlikely that it will be needed, I suggest to
simply unset subject_id request anywhere before $participant=$_REQUEST
assignment:
unset ($_REQUEST['subpool_id']);
Thanks,
Ruslan
Ben Greiner
Public Area
None
Public
Comment ( 1 )
|
Date: 2009-03-02 04:00 Thanks for the report. |
Attached File
No Files Currently Attached
Changes ( 4 )
| Field | Old Value | Date | By |
|---|---|---|---|
| status_id | Open | 2009-03-02 04:03 | bengreiner |
| resolution_id | None | 2009-03-02 04:03 | bengreiner |
| allow_comments | 1 | 2009-03-02 04:03 | bengreiner |
| close_date | - | 2009-03-02 04:03 | bengreiner |
About SourceForge
Develop Software
Community
Copyright © 2010 Geeknet, Inc. All rights reserved. Terms of Use
