Bug Report 6 - User without canviewhidden permission can't vote

Bug Id

Reporter

mix

Product/Version

Bugdar / 1.0.0

Status

Closed

Severity

Minor

Duplicate Of

- none -

Fixed in Revision

Mstone

Summary

User without canviewhidden permission can't vote

Report Time

March 8, 2006 04:11 PM

Assignment

- none -

Resolution

Fixed

Priority

Normal

Dependencies

- none -

Mstone (old)

Votes

For: 0 (0%)

Against: 0 (0%)

Total: 0

March 8, 2006 04:11 PM mix

Hi,

We're using Bugdar as our Bugtracker.
A member of our community has detected a Bug in vote.php, line 30:
$bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . intval($bugsys->in['bugid']) . ((!can_perform('canviewhidden')) ? " AND !bug.hidden" : ''));

You see, FROM is with the table_prefix bug but after the AND for checking if the bug is hidden, there isn't any table prefix hidden..
Solution#1: add ".TABLE_PREFIX." before bug.hidden
Solution#2: remove bug. before hidden

Good evening,
mix

March 10, 2006 08:25 AM Robert

This is now fixed in SVN and will appear in the next release.

That query used to be a join and I forgot to remove the bug. bit. So I used the second solution provided and the query now reads:

$db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . intval($bugsys->in['bugid']) . ((!can_perform('canviewhidden')) ? " AND !hidden" : ''));

On March 10, 2006 08:25 AM, Robert changed:

Status from "Unconfirmed" to "Closed"
Resolution from "Open" to "Fixed"