fix: corrected issue if unauthorized user try to access FAQs via solution ID

thorsten · thorsten · commit fa0f7368dc32 · 2024-11-02T11:11:45.000+01:00
diff --git a/phpmyfaq/src/phpMyFAQ/Faq.php b/phpmyfaq/src/phpMyFAQ/Faq.php
@@ -1237,11 +1237,14 @@ public function getRecordBySolutionId(int $solutionId): void
     {
         $query = sprintf(
             'SELECT
-                *
+                fd.*, COALESCE(fdg.group_id, -1) AS group_id, fdu.user_id
             FROM
                 %sfaqdata fd
-            LEFT JOIN
-                %sfaqdata_group fdg
+            LEFT JOIN (
+                SELECT record_id, group_id FROM %sfaqdata_group fdg WHERE fdg.group_id <> -1
+                UNION ALL
+                SELECT fd.id AS record_id, -1 AS group_id FROM %sfaqdata fd WHERE fd.solution_id = %d
+            ) AS fdg
             ON
                 fd.id = fdg.record_id
             LEFT JOIN
@@ -1255,6 +1258,8 @@ public function getRecordBySolutionId(int $solutionId): void
             Database::getTablePrefix(),
             Database::getTablePrefix(),
             $solutionId,
+            Database::getTablePrefix(),
+            $solutionId,
             $this->queryPermission($this->groupSupport)
         );
 
