Changeset 1542 in ExiteCMS for trunk/themes/ExiteCMS/theme.php

Timestamp:

07/10/08 11:34:16 (4 years ago)

Author:

root

Message:

Fixed missing groupaccess() check in unread posts queries

File:

• trunk/themes/ExiteCMS/theme.php (modified) (2 diffs)

trunk/themes/ExiteCMS/theme.php

@@ -70 +70 @@
             SELECT count(*) as unread 
                 FROM ".$db_prefix."posts p 
+                    INNER JOIN ".$db_prefix."forums f ON p.forum_id = f.forum_id 
                     INNER JOIN ".$db_prefix."threads_read tr ON p.thread_id = tr.thread_id 
-                WHERE tr.user_id = '".$userdata['user_id']."' 
+                WHERE ".groupaccess('f.forum_access')."
+                    AND tr.user_id = '".$userdata['user_id']."' 
                     AND (p.post_datestamp > ".$settings['unread_threshold']." OR p.post_edittime > ".$settings['unread_threshold'].")
                     AND ((p.post_datestamp > tr.thread_last_read OR p.post_edittime > tr.thread_last_read)
@@ -80 +82 @@
             SELECT count(*) as unread 
                 FROM ".$db_prefix."posts p 
+                    INNER JOIN ".$db_prefix."forums f ON p.forum_id = f.forum_id 
                     INNER JOIN ".$db_prefix."threads_read tr ON p.thread_id = tr.thread_id 
-                WHERE tr.user_id = '".$userdata['user_id']."' 
+                WHERE ".groupaccess('f.forum_access')."
+                    AND tr.user_id = '".$userdata['user_id']."' 
                     AND p.post_author != '".$userdata['user_id']."'
                     AND p.post_edituser != '".$userdata['user_id']."'