#1 2014-03-03 23:10:58

Rob Simons
Member
Registered: 2014-03-03
Posts: 1

Anonymous document retrieval from FAQ

Hi,

There is a problem with the code for retrieving documents from the FAQ as an anonymous user. This applies to the latest (0.84.5) version as well. Every document attached to a FAQ article returns a permission denied error.

The following code in inc/document.class.php seems to be wrong:

Line 624
      // Public FAQ for not connected user
      if ($CFG_GLPI["use_public_faq"]) {
         $query = "SELECT *
                   FROM `glpi_documents_items`
                   LEFT JOIN `glpi_knowbaseitems`
                        ON (`glpi_knowbaseitems`.`id` = `glpi_documents_items`.`items_id`)
                   WHERE `glpi_documents_items`.`itemtype` = 'KnowbaseItem'
                         AND `glpi_documents_items`.`documents_id` = '".$this->fields["id"]."'
                         AND `glpi_knowbaseitems`.`is_faq` = '1'
                         AND `glpi_knowbaseitems`.`entities_id` = '0'
                         AND `glpi_knowbaseitems`.`is_recursive` = '1'";

         $result = $DB->query($query);
         if ($DB->numrows($result) > 0) {
            return true;
         }
      }


These fields in the 'glpi_knowbaseitems' table do not exist (entities_id and is_recursive):
                         AND `glpi_knowbaseitems`.`entities_id` = '0'
                         AND `glpi_knowbaseitems`.`is_recursive` = '1'";
And should probably be the other joined table from the same query where the two fields do exist:
                         AND `glpi_documents_items`.`entities_id` = '0'
                         AND `glpi_documents_items`.`is_recursive` = '1'";



However, I'm also not quite sure why these two restrictions are put into this query, so perhaps they should be removed altogether since this particular check applies to anonymous access only.


Hopefully this will help anyone and I'm interested to see what the correct code should be.

Kind Regards,

Rob.
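
Added example, not part of the original post and not GLPI's own code: the check from the post run against a constructed, reduced schema in SQLite (an assumption; GLPI itself uses MySQL), once with the entity columns on `glpi_knowbaseitems` as in the snippet and once on `glpi_documents_items` as the post suggests. The function name `can_view_public_faq_doc`, the sample rows and the bound `?` parameter are hypothetical choices for this illustration.

```python
import sqlite3

# Constructed, reduced schema: only the columns the query touches. Per the post,
# glpi_knowbaseitems has no entities_id / is_recursive; glpi_documents_items does.
SCHEMA = """
CREATE TABLE glpi_knowbaseitems (id INTEGER PRIMARY KEY, is_faq INTEGER);
CREATE TABLE glpi_documents_items (
    documents_id INTEGER, items_id INTEGER, itemtype TEXT,
    entities_id INTEGER, is_recursive INTEGER);
-- Constructed rows: document 10 is attached to FAQ article 1, document 20 to non-FAQ article 2.
INSERT INTO glpi_knowbaseitems VALUES (1, 1), (2, 0);
INSERT INTO glpi_documents_items VALUES
    (10, 1, 'KnowbaseItem', 0, 1),
    (20, 2, 'KnowbaseItem', 0, 1);
"""

QUERY = """
SELECT * FROM `glpi_documents_items`
LEFT JOIN `glpi_knowbaseitems`
     ON (`glpi_knowbaseitems`.`id` = `glpi_documents_items`.`items_id`)
WHERE `glpi_documents_items`.`itemtype` = 'KnowbaseItem'
      AND `glpi_documents_items`.`documents_id` = ?
      AND `glpi_knowbaseitems`.`is_faq` = 1
      AND `{table}`.`entities_id` = 0
      AND `{table}`.`is_recursive` = 1
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def can_view_public_faq_doc(db, document_id, table):
    """Allow access only if the query returns a row, as in the forum snippet.
    `table` is a fixed name chosen by this script (never user input)."""
    try:
        rows = db.execute(QUERY.format(table=table), (document_id,)).fetchall()
    except sqlite3.OperationalError as exc:
        # Unknown column: the query fails, no rows come back, access is denied.
        return False, str(exc)
    return len(rows) > 0, None

if __name__ == "__main__":
    db = open_db()
    for table in ("glpi_knowbaseitems", "glpi_documents_items"):
        for doc in (10, 20):
            print(table, doc, can_view_public_faq_doc(db, doc, table))
```

With the columns qualified by `glpi_knowbaseitems` the query errors out and every document is denied. With `glpi_documents_items` the FAQ attachment is allowed and the non-FAQ attachment is still refused.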


#2 2014-03-05 10:07:13

MoYo
GLPI - Lead
From: Poitiers
Registered: 2004-09-13
Posts: 14,513
Website

Re: Anonymous document retrieval from FAQ

Think you are right. I have just opened a ticket: https://forge.indepnet.net/issues/4819


MoYo - Julien Dombre - Association INDEPNET

#3 2014-03-05 10:34:20

MoYo
GLPI - Lead
From: Poitiers
Registered: 2004-09-13
Posts: 14,513
Website

Re: Anonymous document retrieval from FAQ

