diff --git a/inc/CalDAVPrincipal.php b/inc/CalDAVPrincipal.php index ff231fb2..38d00b7a 100644 --- a/inc/CalDAVPrincipal.php +++ b/inc/CalDAVPrincipal.php @@ -257,7 +257,7 @@ class CalDAVPrincipal $write_priv = privilege_to_bits(array('write')); // whom are we a proxy for? who is a proxy for us? // (as per Caldav Proxy section 5.1 Paragraph 7 and 5) - $sql = 'SELECT principal_id, username, pprivs(?,principal_id,?) FROM principal JOIN usr USING(user_no) WHERE principal_id IN (SELECT * from p_has_proxy_access_to(?,?))'; + $sql = 'SELECT principal_id, username, pprivs(?::int8,principal_id,?::int) FROM principal JOIN usr USING(user_no) WHERE principal_id IN (SELECT * from p_has_proxy_access_to(?,?))'; $qry = new PgQuery($sql, $this->principal_id, $c->permission_scan_depth, $this->principal_id, $c->permission_scan_depth ); if ( $qry->Exec('CalDAVPrincipal') && $qry->rows > 0 ) { while( $relationship = $qry->Fetch() ) { @@ -272,7 +272,7 @@ class CalDAVPrincipal } } - $sql = 'SELECT principal_id, username, pprivs(?,principal_id,?) FROM principal JOIN usr USING(user_no) WHERE principal_id IN (SELECT * from grants_proxy_access_from_p(?,?))'; + $sql = 'SELECT principal_id, username, pprivs(?::int8,principal_id,?::int) FROM principal JOIN usr USING(user_no) WHERE principal_id IN (SELECT * from grants_proxy_access_from_p(?,?))'; $qry = new PgQuery($sql, $this->principal_id, $c->permission_scan_depth, $this->principal_id, $c->permission_scan_depth ); if ( $qry->Exec('CalDAVPrincipal') && $qry->rows > 0 ) { while( $relationship = $qry->Fetch() ) { diff --git a/inc/CalDAVRequest.php b/inc/CalDAVRequest.php index de4b71a7..39303c31 100644 --- a/inc/CalDAVRequest.php +++ b/inc/CalDAVRequest.php 
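Review bot: In both hunks of inc/CalDAVPrincipal.php the new casts cover only the two pprivs() arguments, while the placeholders passed to `p_has_proxy_access_to(?,?)` and `grants_proxy_access_from_p(?,?)` in the same statements stay untyped. Those placeholders receive the same `$this->principal_id` and `$c->permission_scan_depth` values. If the casts exist so PostgreSQL can resolve the function from its argument types (the commit does not say), these calls presumably need the same treatment, e.g. `p_has_proxy_access_to(?::int8,?::int)` and `grants_proxy_access_from_p(?::int8,?::int)`. The enclosing method starts and ends outside both hunks.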
@@ -580,10 +580,10 @@ EOSQL; * In other cases we need to query the database for permissions */ if ( isset($this->by_email) ) { - $qry = new PgQuery( "SELECT pprivs( ?, ?, ? ) AS perm", $session->principal_id, $this->principal_id, $c->permission_scan_depth ); + $qry = new PgQuery( "SELECT pprivs( ?::int8, ?::int8, ?::int ) AS perm", $session->principal_id, $this->principal_id, $c->permission_scan_depth ); } else { - $qry = new PgQuery( "SELECT path_privs( ?, ?, ? ) AS perm", $session->principal_id, $this->path, $c->permission_scan_depth ); + $qry = new PgQuery( "SELECT path_privs( ?::int8, ?::text, ?::int ) AS perm", $session->principal_id, $this->path, $c->permission_scan_depth ); } if ( $qry->Exec("caldav") && $permission_result = $qry->Fetch() ) { $privs = bits_to_privilege($permission_result->perm); diff --git a/inc/DAVResource.php b/inc/DAVResource.php index cfa327f6..53cf379e 100644 --- a/inc/DAVResource.php +++ b/inc/DAVResource.php @@ -275,7 +275,7 @@ class DAVResource 'is_calendar' => false, 'is_principal' => false, 'is_addressbook' => false ); - $base_sql = 'SELECT collection.*, path_privs(:session_principal, collection.dav_name,:scan_depth), '; + $base_sql = 'SELECT collection.*, path_privs(:session_principal::int8, collection.dav_name,:scan_depth::int), '; $base_sql .= 'p.principal_id, p.type_id AS principal_type_id, '; $base_sql .= 'p.displayname AS principal_displayname, p.default_privileges AS principal_default_privileges '; $base_sql .= 'FROM collection LEFT JOIN principal p USING (user_no) WHERE '; diff --git a/inc/always.php b/inc/always.php index db07d819..136fc3fe 100644 --- a/inc/always.php +++ b/inc/always.php 
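Review bot: The privileges in inc/CalDAVRequest.php are assigned only inside `if ( $qry->Exec("caldav") && $permission_result = $qry->Fetch() )`, and the hunk ends before the failure path is visible. Because this query decides what the session principal may do on the target, a comment at that `if` should state what a failed or empty result leaves in place, for example `// A failed or empty permission query grants nothing; the request proceeds with no privileges.`. That wording should only go in after confirming the code outside the hunk really behaves that way. The surrounding method continues beyond the hunk on both sides.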
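Review bot: In inc/DAVResource.php the cast is written directly against a named placeholder, `:session_principal::int8` and `:scan_depth::int`, so the placeholder parser has to end the name at the first colon of `::`. The class that binds `$base_sql` is not shown here; if it does its own substitution rather than leaving that to the driver, confirm it handles this form. Writing the casts as `CAST(:session_principal AS int8)` and `CAST(:scan_depth AS int)` avoids the question entirely. The statement is built across lines that continue outside the hunk.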
@@ -171,7 +171,7 @@ function getUserByName( $username, $use_cache = true ) { global $c, $session; if ( isset($session->user_no) ) - $qry = new PgQuery( "SELECT *, to_char(updated at time zone 'GMT','Dy, DD Mon IYYY HH24:MI:SS \"GMT\"') AS modified, principal.*, pprivs(?,principal.principal_id,?) AS privileges FROM usr LEFT JOIN principal USING(user_no) WHERE lower(username) = lower(?) ", $session->principal_id, $c->permission_scan_depth, $username ); + $qry = new PgQuery( "SELECT *, to_char(updated at time zone 'GMT','Dy, DD Mon IYYY HH24:MI:SS \"GMT\"') AS modified, principal.*, pprivs(?::int8,principal.principal_id,?::int) AS privileges FROM usr LEFT JOIN principal USING(user_no) WHERE lower(username) = lower(?) ", $session->principal_id, $c->permission_scan_depth, $username ); else $qry = new PgQuery( "SELECT *, to_char(updated at time zone 'GMT','Dy, DD Mon IYYY HH24:MI:SS \"GMT\"') AS modified, principal.*, 0::BIT(24) AS privileges FROM usr LEFT JOIN principal USING(user_no) WHERE lower(username) = lower(?) ", $username ); if ( $qry->Exec('always',__LINE__,__FILE__) && $qry->rows == 1 ) { 
@@ -195,7 +195,7 @@ function getUserByID( $user_no, $use_cache = true ) { if ( $use_cache && isset( $_known_users_id[$user_no] ) ) return $_known_users_id[$user_no]; global $c, $session; - $qry = new PgQuery( "SELECT *, to_char(updated at time zone 'GMT','Dy, DD Mon IYYY HH24:MI:SS \"GMT\"') AS modified, principal.*, pprivs(?,principal.principal_id,?) AS privileges FROM usr LEFT JOIN principal USING(user_no) WHERE user_no = ? ", $session->principal_id, $c->permission_scan_depth, intval($user_no) ); + $qry = new PgQuery( "SELECT *, to_char(updated at time zone 'GMT','Dy, DD Mon IYYY HH24:MI:SS \"GMT\"') AS modified, principal.*, pprivs(?::int8,principal.principal_id,?::int) AS privileges FROM usr LEFT JOIN principal USING(user_no) WHERE user_no = ? ", $session->principal_id, $c->permission_scan_depth, intval($user_no) ); if ( $qry->Exec('always',__LINE__,__FILE__) && $qry->rows == 1 ) { $_known_users_id[$user_no] = $qry->Fetch(); $name = $_known_users_id[$user_no]->username; diff --git a/inc/always.php.in b/inc/always.php.in index e9edee9e..1b21935a 100644 --- a/inc/always.php.in +++ b/inc/always.php.in 
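Review bot: getUserByID() in inc/always.php binds `$session->principal_id` to `pprivs(?::int8, …)` unconditionally, whereas getUserByName() in the previous hunk does so only under `if ( isset($session->user_no) )` and otherwise selects `0::BIT(24) AS privileges`. If getUserByID() can be reached without an authenticated session, the explicit cast has to convert whatever PgQuery substitutes for an unset value. Mirroring getUserByName() would be safer: keep the pprivs() query under the same `isset` check and add an `else` that selects `0::BIT(24) AS privileges` with only `intval($user_no)` bound. The identical hunk in inc/always.php.in, which looks like the template for this file, needs the same change. The function body continues outside the hunk.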
@@ -171,7 +171,7 @@ function getUserByName( $username, $use_cache = true ) { global $c, $session; if ( isset($session->user_no) ) - $qry = new PgQuery( "SELECT *, to_char(updated at time zone 'GMT','Dy, DD Mon IYYY HH24:MI:SS \"GMT\"') AS modified, principal.*, pprivs(?,principal.principal_id,?) AS privileges FROM usr LEFT JOIN principal USING(user_no) WHERE lower(username) = lower(?) ", $session->principal_id, $c->permission_scan_depth, $username ); + $qry = new PgQuery( "SELECT *, to_char(updated at time zone 'GMT','Dy, DD Mon IYYY HH24:MI:SS \"GMT\"') AS modified, principal.*, pprivs(?::int8,principal.principal_id,?::int) AS privileges FROM usr LEFT JOIN principal USING(user_no) WHERE lower(username) = lower(?) ", $session->principal_id, $c->permission_scan_depth, $username ); else $qry = new PgQuery( "SELECT *, to_char(updated at time zone 'GMT','Dy, DD Mon IYYY HH24:MI:SS \"GMT\"') AS modified, principal.*, 0::BIT(24) AS privileges FROM usr LEFT JOIN principal USING(user_no) WHERE lower(username) = lower(?) ", $username ); if ( $qry->Exec('always',__LINE__,__FILE__) && $qry->rows == 1 ) { 
@@ -195,7 +195,7 @@ function getUserByID( $user_no, $use_cache = true ) { if ( $use_cache && isset( $_known_users_id[$user_no] ) ) return $_known_users_id[$user_no]; global $c, $session; - $qry = new PgQuery( "SELECT *, to_char(updated at time zone 'GMT','Dy, DD Mon IYYY HH24:MI:SS \"GMT\"') AS modified, principal.*, pprivs(?,principal.principal_id,?) AS privileges FROM usr LEFT JOIN principal USING(user_no) WHERE user_no = ? ", $session->principal_id, $c->permission_scan_depth, intval($user_no) ); + $qry = new PgQuery( "SELECT *, to_char(updated at time zone 'GMT','Dy, DD Mon IYYY HH24:MI:SS \"GMT\"') AS modified, principal.*, pprivs(?::int8,principal.principal_id,?::int) AS privileges FROM usr LEFT JOIN principal USING(user_no) WHERE user_no = ? ", $session->principal_id, $c->permission_scan_depth, intval($user_no) ); if ( $qry->Exec('always',__LINE__,__FILE__) && $qry->rows == 1 ) { $_known_users_id[$user_no] = $qry->Fetch(); $name = $_known_users_id[$user_no]->username; diff --git a/inc/caldav-POST.php b/inc/caldav-POST.php index f824594d..5231edaf 100644 --- a/inc/caldav-POST.php +++ b/inc/caldav-POST.php 
@@ -56,11 +56,11 @@ function handle_freebusy_request( $ic ) { } /** @TODO: Refactor this so we only do one query here and loop through the results */ - $qry = new PgQuery("SELECT pprivs(?,principal_id,?) AS p FROM usr JOIN principal USING(user_no) WHERE lower(usr.email) = lower(?)", $session->principal_id, $c->permission_scan_depth, $attendee_email ); + $qry = new PgQuery("SELECT pprivs(?::int8,principal_id,?::int) AS p FROM usr JOIN principal USING(user_no) WHERE lower(usr.email) = lower(?)", $session->principal_id, $c->permission_scan_depth, $attendee_email ); if ( !$qry->Exec("POST") ) $request->DoResponse( 501, 'Database error'); if ( $qry->rows > 1 ) { // Unlikely, but if we get more than one result we'll do an exact match instead. - $qry = new PgQuery("SELECT pprivs(?,principal_id,?) AS p FROM usr JOIN principal USING(user_no) WHERE usr.email = ?", $session->principal_id, $c->permission_scan_depth, $attendee_email ); + $qry = new PgQuery("SELECT pprivs(?::int8,principal_id,?::int) AS p FROM usr JOIN principal USING(user_no) WHERE usr.email = ?", $session->principal_id, $c->permission_scan_depth, $attendee_email ); if ( !$qry->Exec("POST") ) $request->DoResponse( 501, 'Database error'); } diff --git a/inc/caldav-REPORT-multiget.php b/inc/caldav-REPORT-multiget.php index 7123ddc6..1bb2a4de 100644 --- a/inc/caldav-REPORT-multiget.php +++ b/inc/caldav-REPORT-multiget.php 
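Review bot: In handle_freebusy_request() the privilege lookup is keyed on the attendee e-mail, and the exact-match retry under `if ( $qry->rows > 1 )` can still return zero rows or several. The hunk ends before the result is read, so the handling of those cases is not visible; confirm that the code which follows uses `p` only when exactly one row matched. A comment after the retry would make the intent explicit, e.g. `// Anything other than exactly one match is ambiguous: evaluate as no privileges.`. The function starts before and continues after this hunk.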
@@ -50,7 +50,7 @@ foreach( $mg_hrefs AS $k => $v ) { $where = " WHERE caldav_data.dav_name ~ ".qpg("^".$request->path)." "; $where .= "AND caldav_data.dav_name IN ( $href_in ) "; $where .= "AND (calendar_item.class != 'PRIVATE' OR calendar_item.class IS NULL "; -$where .= "OR (uprivs($session->user_no,calendar_item.user_no,$c->permission_scan_depth) = privilege_to_bits('all')) ) "; +$where .= "OR (uprivs($session->user_no::int8,calendar_item.user_no,$c->permission_scan_depth::int) = privilege_to_bits('all')) ) "; if ( isset($c->hide_TODO) && $c->hide_TODO && ! $request->AllowedTo('all') ) { $where .= "AND caldav_data.caldav_type NOT IN ('VTODO') ";
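Review bot: In inc/caldav-REPORT-multiget.php the casts are appended to values that PHP interpolates into the SQL text, `$session->user_no::int8` and `$c->permission_scan_depth::int`. The cast therefore applies to whatever text ends up in the statement and does not constrain it the way a bound parameter would. Both values look server-derived (session and configuration), but the first context line already passes `$request->path` through qpg(), and the integers deserve the same care: `$where .= "OR (uprivs(".intval($session->user_no)."::int8,calendar_item.user_no,".intval($c->permission_scan_depth)."::int) = privilege_to_bits('all')) ) ";`. That form also keeps the statement well-formed when `$session->user_no` is unset. The WHERE clause is assembled by code that starts before and continues after this hunk.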