projects / timetracker.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Improved access checks for swap_roles.php.
[timetracker.git] / WEB-INF / lib / ttUser.class.php
diff --git a/WEB-INF/lib/ttUser.class.php b/WEB-INF/lib/ttUser.class.php
index d58a716..f9edc8c 100644 (file)
--- a/WEB-INF/lib/ttUser.class.php
+++ b/WEB-INF/lib/ttUser.class.php
@@ -262,7 +262,10 @@ class ttUser {
         $left_joins .= ' left join tt_roles r on (u.role_id = r.id)';
 
     $where_part = " where u.team_id = $this->team_id";
-    if (isset($options['status'])) $where_part .= ' and u.status = '.(int)$options['status'];
+    if (isset($options['status']))
+      $where_part .= ' and u.status = '.(int)$options['status'];
+    else
+      $where_part .= ' and u.status is not null';
     if ($includeSelf) {
       $where_part .= " and (u.id = $this->id || r.rank <= ".(int)$options['max_rank'].')';
     } else {
Unnamed repository; edit this file 'description' to name the repository.