View Issue Details

IDProjectCategoryView StatusLast Update
0016725phplist applicationSubscriber Importpublic22-03-13 12:36
Reportercarlo.dambrosio 
PrioritynoneSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
PlatformPHPListOSRed Hat Enterprise LinuxOS Version5.8 x64
Product VersionSVN 
Target Version2.11.8Fixed in Version2.11.8 
Summary0016725: At the end of user import into a list, all lists are showing, not only those owned by admin
DescriptionAt the end of user import into a list, all lists are showing, not only those owned by admin.
Steps To ReproduceCreate more than one list with same category using different administrators (or superadmin and an administrator).

Logged as administrator, not superadmin, go to manage lists and add user to a list: in import simple insert a new email and confirm.

User will be added to selected list, but in lists windows now are shown all lists of same category (or without category), also those of other administrators and superadmin.
Additional InformationProblem is inclusion of "importsimple.php" into "lists.php", cause two files are using same variable $subselect.
When creating new user inclusion reset variable of "lists.php" and query is no more filtered by owner, but only by category.
I attach the patch for renaming "importsimple.php" variable from "$subselect" to "$subselectimp".
TagsNo tags attached.

Activities

carlo.dambrosio

18-11-12 20:16

reporter  

importsimple_bug_svn_3465.diff (2,659 bytes)
*** ./phplist/public_html/lists/admin/importsimple.php	2012-11-18 15:27:02.000000000 +0100
--- /var/www/html/admin/importsimple.php	2012-11-18 21:01:28.000000000 +0100
***************
*** 1,7 ****
  <?php
  require_once dirname(__FILE__).'/accesscheck.php';
  
! $subselect = '';
  @ob_end_flush();
  
  if (!ALLOW_IMPORT) {
--- 1,7 ----
  <?php
  require_once dirname(__FILE__).'/accesscheck.php';
  
! $subselectimp = '';
  @ob_end_flush();
  
  if (!ALLOW_IMPORT) {
***************
*** 102,128 ****
    $access = accessLevel("import1");
    switch ($access) {
      case "owner":
!       $subselect = " where owner = ".$_SESSION["logindetails"]["id"];break;
      case "all":
!       $subselect = "";break;
      case "none":
      default:
!       $subselect = " where id = 0";break;
    }
  }
  
  if (isset($_GET['list'])) {
    $id = sprintf('%d',$_GET['list']);
!   if (!empty($subselect)) {
!     $subselect .= ' and id = '.$id;
    } else {
!     $subselect .= ' where id = '.$id;
    }
  } 
  #print PageLinkDialog('addlist',$GLOBALS['I18N']->get('Add a new list'));
  print FormStart(' enctype="multipart/form-data" name="import"');
  
! $result = Sql_query("SELECT id,name FROM ".$tables["list"]."$subselect ORDER BY listorder");
  $total = Sql_Num_Rows($result);
  $c=0;
  if ($total == 1) {
--- 102,128 ----
    $access = accessLevel("import1");
    switch ($access) {
      case "owner":
!       $subselectimp = " where owner = ".$_SESSION["logindetails"]["id"];break;
      case "all":
!       $subselectimp = "";break;
      case "none":
      default:
!       $subselectimp = " where id = 0";break;
    }
  }
  
  if (isset($_GET['list'])) {
    $id = sprintf('%d',$_GET['list']);
!   if (!empty($subselectimp)) {
!     $subselectimp .= ' and id = '.$id;
    } else {
!     $subselectimp .= ' where id = '.$id;
    }
  } 
  #print PageLinkDialog('addlist',$GLOBALS['I18N']->get('Add a new list'));
  print FormStart(' enctype="multipart/form-data" name="import"');
  
! $result = Sql_query("SELECT id,name FROM ".$tables["list"]."$subselectimp ORDER BY listorder");
  $total = Sql_Num_Rows($result);
  $c=0;
  if ($total == 1) {
***************
*** 131,137 ****
  } else {
    $content .= '<p>'.$GLOBALS['I18N']->get('Select the lists to add the emails to').'</p>';
  
!   $content .= ListSelectHTML($selected_lists,'importlists',$subselect);
  }
  
  $content .= '<p class="information">'.
--- 131,137 ----
  } else {
    $content .= '<p>'.$GLOBALS['I18N']->get('Select the lists to add the emails to').'</p>';
  
!   $content .= ListSelectHTML($selected_lists,'importlists',$subselectimp);
  }
  
  $content .= '<p class="information">'.

michiel

19-11-12 12:31

manager   ~0051914

ah, yes, good one. Noticed it as well, and then forgot to "mantis it"

michiel

22-03-13 12:36

manager   ~0051970

thanks