phplist

NOTE:: Before reporting an issue, make sure you are running the latest version, currently 3.3.1


View Issue Details Jump to Notes ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0008897phplist applicationAll Otherpublic11-01-07 01:0118-02-08 14:08
Reporterhola 
PrioritynormalSeveritymajorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version2.10.4 
Target Version2.10.7Fixed in Version2.10.5 
Summary0008897: Incorrrect count in users.php when owner role applied
DescriptionWhen you have an admin who has owner rights on the users role and,
has more than one mailing list that they own and,
has a subscriber in more than one of the admins owned lists.

The users total search count will count the subscriber more than once. For example if subscriber@domain.com belongs to two mailing lists owned by the admin and the admin has owner rights on the users functions subscriber@domain will e counted twice in the results.
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
related to 0003721closed phplist 2.10.x 

-  Notes
(0022425)
hola (reporter)
11-01-07 01:03

Offending code below - this is quite urgent as it is reporting wrong results to my clients

case "owner":
      $table_list = $tables["user"].','.$tables["listuser"].','.$tables["list"].$findtables;
      $subselect = "{$tables["user"]}.id = {$tables["listuser"]}.userid and {$tables["listuser"]}.listid = {$tables["list"]}.id and {$tables["list"]}.owner = ".$_SESSION["logindetails"]["id"];
      if ($find) {
        $listquery = "select {$tables["user"]}.email,{$tables["user"]}.id,$findfield,confirmed from ".$table_list." where $subselect and $findbyselect";
        $count = Sql_query("SELECT count({$tables["user"]}.id) FROM ".$table_list ." where $subselect and $findbyselect");
        $unconfirmedcount = Sql_query("SELECT count({$tables["user"]}.id) FROM ".$table_list ." where $subselect and !confirmed and $findbyselect");
      } else {
        $listquery = "select {$tables["user"]}.email,{$tables["user"]}.id,$findfield,confirmed from ".$table_list." where $subselect";
        $count = Sql_query("SELECT count({$tables["user"]}.id) FROM ".$table_list ." where $subselect");
        $unconfirmedcount = Sql_query("SELECT count({$tables["user"]}.id) FROM ".$table_list ." where !confirmed and $subselect");
      }
      if ($_GET["unconfirmed"])
        $listquery .= ' and !confirmed ';
      if ($_GET["blacklisted"])
        $listquery .= ' and blacklisted ';
      break;
(0025517)
yan (reporter)
06-04-07 07:45

Another way to describe the issue is this: a superadmin will have the correct tally of 'all users'. Any restricted admin won't, as users will be counted differently: theyt are counted based on the lists the admin owns. If one user is on 3 lists owned by a restricted admin, the email will be counted 3 times.
To count users correctly, you'd have to look at the ownership of lists and then at the user membership of those lists, and then at the users. Currently, the user handling keeps it simple, by just checking the user table, where "admin ownership" isn't known.
(0030989)
user1822
23-08-07 20:56

Added DISTINCT to sql queries


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker