kontakt
/
engelsystem
3
0
Fork 0
Code Issues 12 Pull Requests Projects Releases Wiki Activity

fix edit user bug deleting emails

Browse Source
main
msquare 8 years ago
parent 07a0ed37ec
commit 2f2d08c574
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File

4
includes/controller/shift_entries_controller.php
Unescape Escape View File

@ -34,7 +34,7 @@ function shift_entry_add_controller() {
if (in_array('user_shifts_admin', $privileges) || in_array('shiftentry_edit_angeltype_supporter', $privileges)) { if (in_array('user_shifts_admin', $privileges) || in_array('shiftentry_edit_angeltype_supporter', $privileges)) {
$type = AngelType($type_id); $type = AngelType($type_id);
} else { } else {
$type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = '" . sql_escape($type_id) . "' AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = '" . sql_escape($user['UID']) . "' AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL)) LIMIT 1"); $type = sql_select("SELECT * FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `AngelTypes`.`id` = '" . sql_escape($type_id) . "' AND (`AngelTypes`.`restricted` = 0 OR (`UserAngelTypes`.`user_id` = '" . sql_escape($user['UID']) . "' AND NOT `UserAngelTypes`.`confirm_user_id` IS NULL))");
$type = $type[0]; $type = $type[0];
} }
@ -91,7 +91,7 @@ function shift_entry_add_controller() {
engelsystem_error('Unable to create shift entry.'); engelsystem_error('Unable to create shift entry.');
} }
if ($type['restricted'] == 0 && sql_num_query("SELECT * FROM `UserAngelTypes` INNER JOIN `AngelTypes` ON `AngelTypes`.`id` = `UserAngelTypes`.`angeltype_id` WHERE `angeltype_id` = '" . sql_escape($selected_type_id) . "' AND `user_id` = '" . sql_escape($user_id) . "' ") == 0) { if ($type['restricted'] == 0 && sql_num_query("SELECT * FROM `UserAngelTypes` INNER JOIN `AngelTypes` ON `AngelTypes`.`id` = `UserAngelTypes`.`angeltype_id` WHERE `angeltype_id` = '" . sql_escape($selected_type_id) . "' AND `user_id` = '" . sql_escape($user_id) . "'") == 0) {
sql_query("INSERT INTO `UserAngelTypes` (`user_id`, `angeltype_id`) VALUES ('" . sql_escape($user_id) . "', '" . sql_escape($selected_type_id) . "')"); sql_query("INSERT INTO `UserAngelTypes` (`user_id`, `angeltype_id`) VALUES ('" . sql_escape($user_id) . "', '" . sql_escape($selected_type_id) . "')");
} }

2
includes/pages/admin_user.php
Unescape Escape View File

@ -173,7 +173,7 @@ function admin_user() {
`Handy` = '" . sql_escape($_POST["eHandy"]) . "', `Handy` = '" . sql_escape($_POST["eHandy"]) . "',
`Alter` = '" . sql_escape($_POST["eAlter"]) . "', `Alter` = '" . sql_escape($_POST["eAlter"]) . "',
`DECT` = '" . sql_escape($_POST["eDECT"]) . "', `DECT` = '" . sql_escape($_POST["eDECT"]) . "',
`email` = '" . sql_escape($_POST["eemail"]) . "', `email` = '" . sql_escape(isset($_POST["eemail"]) ? $_POST["eemail"] : $user_source['email']) . "',
`jabber` = '" . sql_escape($_POST["ejabber"]) . "', `jabber` = '" . sql_escape($_POST["ejabber"]) . "',
`Size` = '" . sql_escape($_POST["eSize"]) . "', `Size` = '" . sql_escape($_POST["eSize"]) . "',
`Gekommen`= '" . sql_escape($_POST["eGekommen"]) . "', `Gekommen`= '" . sql_escape($_POST["eGekommen"]) . "',

Write Preview
Loading…
Cancel
Save