Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New funclionality to Clone user with permissions and categories #29773

Open
wants to merge 11 commits into
base: develop
Choose a base branch
from
Open

New funclionality to Clone user with permissions and categories #29773

wants to merge 11 commits into from

Conversation

lamrani002
Copy link
Contributor

NEW|New functionality to clone user

eldy
eldy reviewed Jun 4, 2024
View reviewed changes
htdocs/user/class/user.class.php Outdated
$sql .= " SELECT 1";
$sql .= " FROM ".$this->db->prefix()."user_rights dest";
$sql .= " WHERE dest.entity = src.entity";
$sql .= " AND dest.fk_user = ".$this->db->escape($toId);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is an int so must use
$sql .= " AND dest.fk_user = ".((int) $toId);

eldy
eldy reviewed Jun 4, 2024
View reviewed changes
htdocs/user/class/user.class.php Outdated

// Construction de la requête d'insertion
$sql = "INSERT INTO ".$this->db->prefix()."user_rights (entity, fk_user, fk_id)";
$sql .= " SELECT entity, ".$this->db->escape($toId).", fk_id";
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is an int so must use
$sql .= " SELECT entity, ".((int) $toId).", fk_id";

eldy
eldy reviewed Jun 4, 2024
View reviewed changes
htdocs/user/class/user.class.php Outdated
$categorystatic = new Categorie($this->db);

$sql = "INSERT INTO ".$this->db->prefix()."categorie_".(empty($categorystatic->MAP_CAT_TABLE[$type]) ? $type : $categorystatic->MAP_CAT_TABLE[$type])." (fk_categorie, fk_user)";
$sql .= " SELECT fk_categorie, $toId FROM ".$this->db->prefix()."categorie_".(empty($categorystatic->MAP_CAT_TABLE[$type]) ? $type : $categorystatic->MAP_CAT_TABLE[$type]);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

$toId must be sanitized with (int)

@eldy eldy added the PR to fix or conflict to solve PR needs to be fixed to be integrated (except for conflicts, a comment describes the fix to do) label Jun 4, 2024
@eldy eldy added PR postponed PR is postponed (will be processed later). Ie: feature pushed during a beta or need transition steps and removed PR to fix or conflict to solve PR needs to be fixed to be integrated (except for conflicts, a comment describes the fix to do) labels Jun 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eldy eldy eldy left review comments

Assignees
No one assigned
Labels
PR postponed PR is postponed (will be processed later). Ie: feature pushed during a beta or need transition steps
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@lamrani002 @eldy