From 75345c7086761ea68d7e75fbffeaef64a3642fdd Mon Sep 17 00:00:00 2001
From: Nik Okuntseff
Date: Sun, 3 Mar 2019 23:57:49 +0000
Subject: [PATCH] Improved safety of timesheet assignment by adding an inner join.
---
 WEB-INF/lib/ttReportHelper.class.php | 7 ++++---
 WEB-INF/lib/ttTimesheetHelper.class.php | 1 +
 WEB-INF/templates/footer.tpl | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/WEB-INF/lib/ttReportHelper.class.php b/WEB-INF/lib/ttReportHelper.class.php
index ceaee4b0..a64bb870 100644
--- a/WEB-INF/lib/ttReportHelper.class.php
+++ b/WEB-INF/lib/ttReportHelper.class.php
@@ -639,9 +639,10 @@ class ttReportHelper {
 $org_id = $user->org_id;
 
 if ($time_log_ids) {
- $sql = "update tt_log l".
- // TODO: inner join does not work properly for de-assignment. Improve.
- // " inner join tt_timesheets ts on (ts.id = $timesheet_id and ts.approve_status is null)".
+ if ($timesheet_id)
+ $inner_join = " inner join tt_timesheets ts on (ts.id = $timesheet_id and ts.approve_status is null)";
+
+ $sql = "update tt_log l $inner_join".
 " set l.timesheet_id = ".$mdb2->quote($timesheet_id).
 " where l.id in(".join(', ', $time_log_ids).") and l.user_id = $user_id and l.group_id = $group_id and l.org_id = $org_id";
 $affected = $mdb2->exec($sql);
diff --git a/WEB-INF/lib/ttTimesheetHelper.class.php b/WEB-INF/lib/ttTimesheetHelper.class.php
index 89571510..a348cb57 100644
--- a/WEB-INF/lib/ttTimesheetHelper.class.php
+++ b/WEB-INF/lib/ttTimesheetHelper.class.php
@@ -442,6 +442,7 @@ class ttTimesheetHelper {
 // Parts for client and project.
 if ($options['client_id']) $client_part = ' and client_id = '.(int)$options['client_id'];
 if ($options['project_id']) $project_part = ' and project_id = '.(int)$options['project_id'];
+ // TODO: test and fix the above for NULL client and project ids...
 
 // Determine start and end dates.
 $dateFormat = $user->getDateFormat();
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index da170551..3f166443 100644
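Review bot: In the ttReportHelper hunk the added `$inner_join` string interpolates `$timesheet_id` unquoted, while the `set` clause two lines below passes the same value through `$mdb2->quote()`; where the value originates is outside the hunk, so unless it is already cast upstream the join clause is an SQL injection point. Casting at the point of use keeps both uses consistent: `$inner_join = " inner join tt_timesheets ts on (ts.id = ".(int)$timesheet_id." and ts.approve_status is null)";`. `$inner_join` is also assigned only inside the `if`, so the de-assignment path builds the query from an undefined variable; add `$inner_join = '';` before the `if`. The join checks approval status but not who owns the timesheet, so if tt_timesheets carries user, group and org columns (not visible here) they should be matched in the `on` clause as well. The enclosing method starts and ends outside the hunk.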
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
-
 Anuko Time Tracker 1.18.52.4818 | Copyright © Anuko | +  Anuko Time Tracker 1.18.52.4819 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve} -- 2.20.1