|
|
Posted 17/11/2006 04:15:12
|
|
Group: Customers
Last Login: 14/02/2007 06:04:53
Posts: 74,
Visits: 207
|
If you try to Add an attachment when creating a private message you are greeted with a yellow screen of death exit error message.The bug is in the vb code located in a file InstantASP.InstantForum/InstantASP.InstantForum.UI/Dialogs/InsertAttachments.vb in procedure named Initialize: Private Sub Initialize()
' ensure this page is not locally cached
System.Web.HttpContext.Current.Response.Cache.SetCacheability(System.Web.HttpCacheability.NoCache)
System.Web.HttpContext.Current.Response.Cache.SetAllowResponseInBrowserHistory(False)
' ensure user is authenticated
InstantASP.InstantForum.Security.Handler.HasPermission(CurrentContext.CurrentRequest.Task,_
CurrentContext.CurrentPermissions,CurrentContext.CurrentForum.Moderators.SelectModerator( _
CurrentContext.CurrentUser.UserID),CurrentContext.CurrentForum) Since we are sending a private message from the control panel there is no forum context here,hence the error. The correct way to authenticate a user is displayed bellow: ' ensure user is authenticated
If Not CurrentContext.CurrentForum Is Nothing Then
InstantASP.InstantForum.Security.Handler.HasPermission(CurrentContext.CurrentRequest.Task,_
CurrentContext.CurrentPermissions,CurrentContext.CurrentForum.Moderators.SelectModerator( _
CurrentContext.CurrentUser.UserID),CurrentContext.CurrentForum)
Else
InstantASP.InstantForum.Security.Handler.HasPermission(CurrentContext.CurrentRequest.Task,_
CurrentContext.CurrentPermissions)
End If Robert
|
|
|
Posted 21/11/2006 10:02:02
|
|
Group: Customers
Last Login: 14/02/2007 06:04:53
Posts: 74,
Visits: 207
|
And for the previous modification to really work,you have to completely rewrite the stored procedure if_sp_SelectAttachment,which now should look like:set ANSI_NULLS ON
set QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo].[if_sp_SelectAttachment]
@intAttachmentID int,
@intUserID int
AS
SET NOCOUNT ON
/* Get the forum this attachment is within */
DECLARE @intForumID int
DECLARE @SQL nvarchar(4000)
IF EXISTS( SELECT AttachmentID FROM InstantForum_AttachmentsPosts WHERE AttachmentID = @intAttachmentID AND IsPrivateMessage = 1 )
BEGIN
SET @intForumID = 0
SELECT TOP 1
InstantForum_Attachments.AttachmentID,
InstantForum_Attachments.UserID,
InstantForum_Attachments.AttachmentBLOB,
InstantForum_Attachments.[Filename],
InstantForum_Attachments.[Views],
InstantForum_Attachments.ContentLength,
InstantForum_Attachments.ContentType
FROM InstantForum_Attachments
JOIN InstantForum_AttachmentsPosts ON InstantForum_AttachmentsPosts.AttachmentID = InstantForum_Attachments.AttachmentID
JOIN InstantForum_PrivateMessages ON InstantForum_PrivateMessages.PrivateMessageID = InstantForum_AttachmentsPosts.PostID
WHERE InstantForum_Attachments.AttachmentID = @intAttachmentID
AND InstantForum_AttachmentsPosts.IsPrivateMessage = 1
AND InstantForum_PrivateMessages.RecipientID = @intUserID
END
ELSE
BEGIN
SET @intForumID = (
SELECT ForumID
FROM InstantForum_Topics
WHERE PostID = (
SELECT PostID
FROM InstantForum_AttachmentsPosts
WHERE AttachmentID = @intAttachmentID
)
)
SELECT
InstantForum_Attachments.AttachmentID,
InstantForum_Attachments.UserID,
InstantForum_Attachments.AttachmentBLOB,
InstantForum_Attachments.[Filename],
InstantForum_Attachments.[Views],
InstantForum_Attachments.ContentLength,
InstantForum_Attachments.ContentType
FROM InstantForum_Attachments
WHERE InstantForum_Attachments.AttachmentID = @intAttachmentID
AND EXISTS (
SELECT InstantForum_ForumsRoles.ForumRoleID
FROM InstantForum_ForumsRoles
WHERE InstantForum_ForumsRoles.ForumID = @intForumID
AND InstantForum_ForumsRoles.RoleID IN (
SELECT InstantASP_Roles.RoleID
FROM InstantASP_UsersRoles
INNER JOIN InstantASP_Roles ON InstantASP_UsersRoles.RoleID = InstantASP_Roles.RoleID
WHERE InstantASP_UsersRoles.UserID = @intUserID
)
)
END
|