Index: branches/unlabeled/unlabeled-1.38.2/core/kernel/event_manager.php =================================================================== diff -u -r6128 -r6235 --- branches/unlabeled/unlabeled-1.38.2/core/kernel/event_manager.php (.../event_manager.php) (revision 6128) +++ branches/unlabeled/unlabeled-1.38.2/core/kernel/event_manager.php (.../event_manager.php) (revision 6235) @@ -309,7 +309,8 @@ case 'd': // "down/push" new template to opener stack, deeplevel++ if ($this->Application->GetVar('front')) { - array_push($opener_stack, '../'.$this->Application->RecallVar('last_template') ); + $front_session =& $this->Application->recallObject('Session.front'); + array_push($opener_stack, '../'.$front_session->RecallVar('last_template') ); } else { array_push($opener_stack, $this->Application->RecallVar('last_template') ); 
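Review bot: In the `front` branch of case 'd', neither the object returned by `recallObject('Session.front')` nor the value of `RecallVar('last_template')` is checked before the path is pushed. If the front session holds no `last_template` (what `RecallVar` returns in that case is not visible here), the stack receives a bare `'../'` entry that is then serialized into `opener_stack`. Consider reading the value first and falling back to the current session's template when it is empty, e.g. `$last_template = $front_session->RecallVar('last_template');` followed by a check before the `array_push`. The enclosing switch and function start and end outside this hunk.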
@@ -334,18 +335,18 @@ $this->Application->StoreVar('opener_stack', serialize($opener_stack)); } - + function openerStackPush($t, $params, $pass = 'all') { $opener_stack = $this->Application->RecallVar('opener_stack'); - $opener_stack = $opener_stack ? unserialize($opener_stack) : Array(); - + $opener_stack = $opener_stack ? unserialize($opener_stack) : Array(); + $redirect_params = array_merge_recursive2(Array('m_opener' => 'u', '__URLENCODE__' => 1), $params); $new_level = $this->Application->BuildEnv($t, $redirect_params, $pass, true); array_push($opener_stack, 'index.php|'.ltrim($new_level, ENV_VAR_NAME.'=') ); $this->Application->StoreVar('opener_stack', serialize($opener_stack)); } - + function registerHook($hookto_prefix, $hookto_special, $hookto_event, $mode, $do_prefix, $do_special, $do_event, $conditional) { if( !$this->Application->prefixRegistred($hookto_prefix) ) Index: branches/unlabeled/unlabeled-1.156.2/core/kernel/application.php =================================================================== diff -u -r6104 -r6235 --- branches/unlabeled/unlabeled-1.156.2/core/kernel/application.php (.../application.php) (revision 6104) +++ branches/unlabeled/unlabeled-1.156.2/core/kernel/application.php (.../application.php) (revision 6235) @@ -1327,7 +1327,7 @@ $session =& $this->recallObject('Session'); $ssl = isset($params['__SSL__']) ? $params['__SSL__'] : 0; $sid = $session->NeedQueryString() && !$this->RewriteURLs($ssl) ? $this->GetSID() : ''; - if (getArrayValue($params,'admin') == 1) $sid = $this->GetSID(); +// if (getArrayValue($params,'admin') == 1) $sid = $this->GetSID(); $ret = ''; if ($env_var) { 
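Review bot: The `admin` override in the -1327 hunk of application.php is disabled by commenting it out, and nothing records why. This line decided whether the session id is forced into the URL for `admin` links, so the intent should be stated rather than left as dead code. I would delete the line and leave a comment such as `// SID is appended only when NeedQueryString() requires it, also for admin links`. Keeping session ids out of URLs also limits their exposure in logs and referrers, which is worth mentioning in the commit message. The enclosing function starts and ends outside the hunk.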
@@ -1480,7 +1480,11 @@ } ob_end_flush(); - $this->Session->SaveData(); + // session expiration is called from session initialization, + // that's why $this->Session may be not defined here + if (is_object($this->Session)) { + $this->Session->SaveData(); + } exit; } Index: branches/unlabeled/unlabeled-1.74.2/core/kernel/db/db_event_handler.php =================================================================== diff -u -r6144 -r6235 --- branches/unlabeled/unlabeled-1.74.2/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 6144) +++ branches/unlabeled/unlabeled-1.74.2/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 6235) @@ -1480,8 +1480,17 @@ if(!$field_type) $field_type = 'string'; // default LIKE filter for all fields without type $filter_value = ''; - $table_name = ($filter_type == 'where') ? '`'.$object->TableName.'`.' : ''; + if (preg_match('/(.*)\.(.*)/', $search_field, $regs)) { + $table_name = '`'.$regs[1].'`.'; + $search_field = $regs[2]; + } + elseif ($filter_type == 'where') { + $table_name = '`'.$object->TableName.'`.'; + } + + $table_name = ($filter_type == 'where') ? $table_name : ''; + // get field clause by formatter name and/or parameters $formatter = getArrayValue($object->Fields[$search_field],'formatter'); switch($formatter) Index: branches/unlabeled/unlabeled-1.18.2/core/units/general/helpers/permissions_helper.php =================================================================== diff -u -r6107 -r6235 --- branches/unlabeled/unlabeled-1.18.2/core/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 6107) +++ branches/unlabeled/unlabeled-1.18.2/core/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 6235) 
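Review bot: In the db_event_handler.php hunk, the table qualifier split out of `$search_field` is wrapped in backticks and concatenated into the filter clause without being restricted to identifier characters. The pattern `/(.*)\.(.*)/` is unanchored and greedy, so everything before the last dot, including a backtick or whitespace, ends up in `$table_name`. Where `$search_field` originates is outside this hunk; if it can be influenced by a request or by grid configuration, tighten the match to `preg_match('/^(\w+)\.(\w+)$/', $search_field, $regs)`. Initializing `$table_name = '';` before the `if` would also make the final ternary easier to follow. The enclosing function starts and ends outside the hunk.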
@@ -335,7 +335,13 @@ */ function CheckPermission($name, $type = 1, $cat_id = null) { - if ($this->Application->GetVar('u_id') == -1) { + $user_id = $this->Application->GetVar('u_id'); + return $this->CheckUserPermission($user_id, $name, $type, $cat_id); + } + + function CheckUserPermission($user_id, $name, $type = 1, $cat_id = null) + { + if ($user_id == -1) { // "root" is allowed anywhere return $name == 'SYSTEM_ACCESS.READONLY' ? 0 : 1; } @@ -371,7 +377,16 @@ WHERE (PermId = '.$perm_id.') AND (CategoryId = '.$cat_id.')'; $view_filters = Array(); - $groups = explode(',', $this->Application->RecallVar('UserGroups')); + if ($user_id == $this->Application->GetVar('u_id')) { + $groups = explode(',', $this->Application->RecallVar('UserGroups')); + } + else { // checking not current user + $sql = 'SELECT GroupId FROM '.TABLE_PREFIX.'UserGroup + WHERE (PortalUserId = '.$user_id.') AND + ( (MembershipExpires IS NULL) OR ( MembershipExpires >= UNIX_TIMESTAMP() ) )'; + $groups = $this->Conn->GetCol($sql); + array_push($groups, $this->Application->ConfigValue('User_LoggedInGroup') ); + } foreach ($groups as $group) { $view_filters[] = 'FIND_IN_SET('.$group.', ACL)'; } Index: branches/unlabeled/unlabeled-1.18.2/kernel/units/general/helpers/permissions_helper.php =================================================================== diff -u -r6107 -r6235 --- branches/unlabeled/unlabeled-1.18.2/kernel/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 6107) +++ branches/unlabeled/unlabeled-1.18.2/kernel/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 6235) 
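Review bot: The new `CheckUserPermission()` has no docblock, and its `$user_id == -1` root shortcut is now reachable with a caller-supplied value instead of only the application's own `u_id`. With loose comparison on PHP versions before 8, a non-numeric string that merely starts with `-1` compares equal to -1 and takes the "allowed anywhere" branch. A strict form such as `if ((string)$user_id === '-1') {` avoids that. The docblock should state that `$user_id` must be a validated numeric user id and that -1 means root. The same hunk is repeated in the kernel/units/general/helpers/permissions_helper.php copy, and the function body continues outside the hunk.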
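Review bot: In the `else` branch of the -371 hunk, `$user_id` is concatenated into the `UserGroup` query unquoted and unvalidated: `WHERE (PortalUserId = '.$user_id.')`. Because `CheckUserPermission()` takes the id from any caller, cast it at the point of use, e.g. `WHERE (PortalUserId = '.(int)$user_id.') AND`. The `$group` values passed to `FIND_IN_SET(...)` come from the session, the database or configuration here; casting them with `(int)$group` as well would keep the ACL filter well-formed regardless of how they were stored. The same applies to the identical hunk in the kernel/units/general/helpers/permissions_helper.php copy. The function body continues outside the hunk.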
@@ -335,7 +335,13 @@ */ function CheckPermission($name, $type = 1, $cat_id = null) { - if ($this->Application->GetVar('u_id') == -1) { + $user_id = $this->Application->GetVar('u_id'); + return $this->CheckUserPermission($user_id, $name, $type, $cat_id); + } + + function CheckUserPermission($user_id, $name, $type = 1, $cat_id = null) + { + if ($user_id == -1) { // "root" is allowed anywhere return $name == 'SYSTEM_ACCESS.READONLY' ? 0 : 1; } @@ -371,7 +377,16 @@ WHERE (PermId = '.$perm_id.') AND (CategoryId = '.$cat_id.')'; $view_filters = Array(); - $groups = explode(',', $this->Application->RecallVar('UserGroups')); + if ($user_id == $this->Application->GetVar('u_id')) { + $groups = explode(',', $this->Application->RecallVar('UserGroups')); + } + else { // checking not current user + $sql = 'SELECT GroupId FROM '.TABLE_PREFIX.'UserGroup + WHERE (PortalUserId = '.$user_id.') AND + ( (MembershipExpires IS NULL) OR ( MembershipExpires >= UNIX_TIMESTAMP() ) )'; + $groups = $this->Conn->GetCol($sql); + array_push($groups, $this->Application->ConfigValue('User_LoggedInGroup') ); + } foreach ($groups as $group) { $view_filters[] = 'FIND_IN_SET('.$group.', ACL)'; } Index: branches/unlabeled/unlabeled-1.51.2/kernel/include/modules.php =================================================================== diff -u -r6135 -r6235 --- branches/unlabeled/unlabeled-1.51.2/kernel/include/modules.php (.../modules.php) (revision 6135) +++ branches/unlabeled/unlabeled-1.51.2/kernel/include/modules.php (.../modules.php) (revision 6235) 
@@ -4,9 +4,13 @@ */ $ado =& GetADODBConnection(); -$session_cookie_name = $ado->GetOne('SELECT VariableValue FROM '.$g_TablePrefix.'ConfigurationValues WHERE VariableName = "SessionCookieName"'); -define('SESSION_COOKIE_NAME', $session_cookie_name ? $session_cookie_name : 'sid'); +$application =& kApplication::Instance(); +define('SESSION_COOKIE_NAME', $application->Session->CookieName); + +/*$session_cookie_name = $ado->GetOne('SELECT VariableValue FROM '.$g_TablePrefix.'ConfigurationValues WHERE VariableName = "SessionCookieName"'); +define('SESSION_COOKIE_NAME', $session_cookie_name ? $session_cookie_name : 'sid'); +*/ set_cookie('cookies_on', '1', adodb_mktime() + 31104000); // if branches that uses if($mod_prefix) or like that will never be executed @@ -339,72 +343,72 @@ function admin_login() { - global $objSession,$login_error, $objConfig,$g_Allow,$g_Deny; -// echo "
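Review bot: The new `define('SESSION_COOKIE_NAME', $application->Session->CookieName);` in the -4,9 hunk of modules.php drops the `'sid'` fallback that the old code applied when the configured name was empty. Whether `Session->CookieName` is always non-empty is not visible here; if it can be empty, the constant becomes an empty cookie name. Keeping the fallback is cheap: `define('SESSION_COOKIE_NAME', $application->Session->CookieName ? $application->Session->CookieName : 'sid');`. The old query is preserved in a `/* ... */` block; deleting it and relying on version history would be cleaner.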
"; print_r($objSession); echo ""; + global $objSession,$login_error, $objConfig,$g_Allow,$g_Deny; + // echo "
"; print_r($objSession); echo ""; if( GetVar('help_usage') == 'install' ) return true; - $env_arr = explode('-', $_GET['env']); - $get_session_key = $env_arr[0]; - $admin_login = isset($_POST['adminlogin']) && $_POST['adminlogin']; - if(!$objSession->ValidSession() || ($objSession->GetSessionKey() != $get_session_key && !$admin_login)) { - if( isset($_GET['expired']) && ($_GET['expired'] == 1) ) - $login_error = admin_language("la_text_sess_expired"); + $env_arr = explode('-', $_GET['env']); + $get_session_key = $env_arr[0]; + $admin_login = isset($_POST['adminlogin']) && $_POST['adminlogin']; + if(!$objSession->ValidSession()) { // || ($objSession->GetSessionKey() != $get_session_key && !$admin_login) + if( isset($_GET['expired']) && ($_GET['expired'] == 1) ) + $login_error = admin_language("la_text_sess_expired"); - return FALSE; - //echo "Expired