PhotoPost Community - View Single Post

mawby · June 25th, 2005, 04:33 AM

Hi, new here so forgive me if I'm being stupid but I think there's a bug in editproduct.php. I only downloaded the software yesterday so I should have the lastest copy. Anyway, this file handles the editing, sale, relisting and various other product editing functions. However, towards the top is the following...

Code:

Content visible to verified customers only.

...which is used to ensure that the product belongs to the user and that the product number is valid. However, this only works if the user is editing the product. If they want to mark it has sold, or to relist it, then the parameters used to pass the product ID to this are called are called $sold and $resell respectively. This means that $phoedit will always be zero for these actions, and this causes both the $User['nopost'] and $ueditpho == 0 to be true and therefore the user is prevented from using these options unless they have admin rights. Furthermore, after the error message the user is taken to a blank screen because it then tries to re-direct them back to looking at the product they were on, except zero is passed so that then fails.

I have fixed this bug on my system by removing the code above and inserting it in three different places, once within the "if ( isset($sold) ) {" clause with $phoedit replaced with $sold, then within the "if ( isset($resell) ) {" clause with $phoedit replaced with $resell, and finally within the ELSE block of "if ( $edit != "yes" ) {" with no substitutions.

June 25th, 2005, 04:33 AM	#1 (permalink)
mawby Junior Member Verified Customer Join Date: Jun 2005 Posts: 22	Bug in editproduct.php Hi, new here so forgive me if I'm being stupid but I think there's a bug in editproduct.php. I only downloaded the software yesterday so I should have the lastest copy. Anyway, this file handles the editing, sale, relisting and various other product editing functions. However, towards the top is the following... Code: Content visible to verified customers only. ...which is used to ensure that the product belongs to the user and that the product number is valid. However, this only works if the user is editing the product. If they want to mark it has sold, or to relist it, then the parameters used to pass the product ID to this are called are called $sold and $resell respectively. This means that $phoedit will always be zero for these actions, and this causes both the $User['nopost'] and $ueditpho == 0 to be true and therefore the user is prevented from using these options unless they have admin rights. Furthermore, after the error message the user is taken to a blank screen because it then tries to re-direct them back to looking at the product they were on, except zero is passed so that then fails. I have fixed this bug on my system by removing the code above and inserting it in three different places, once within the "if ( isset($sold) ) {" clause with $phoedit replaced with $sold, then within the "if ( isset($resell) ) {" clause with $phoedit replaced with $resell, and finally within the ELSE block of "if ( $edit != "yes" ) {" with no substitutions.