fix: corrected issue if unauthorized user try to access FAQs via solu…

…tion ID
thorsten · Nov 2, 2024 · fa0f736 · fa0f736
1 parent 0bc6b81
commit fa0f736
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/phpmyfaq/src/phpMyFAQ/Faq.php b/phpmyfaq/src/phpMyFAQ/Faq.php
@@ -1237,11 +1237,14 @@ public function getRecordBySolutionId(int $solutionId): void
     {
         $query = sprintf(
             'SELECT
-                *
+                fd.*, COALESCE(fdg.group_id, -1) AS group_id, fdu.user_id
             FROM
                 %sfaqdata fd
-            LEFT JOIN
-                %sfaqdata_group fdg
+            LEFT JOIN (
+                SELECT record_id, group_id FROM %sfaqdata_group fdg WHERE fdg.group_id <> -1
+                UNION ALL
+                SELECT fd.id AS record_id, -1 AS group_id FROM %sfaqdata fd WHERE fd.solution_id = %d
+            ) AS fdg
             ON
                 fd.id = fdg.record_id
             LEFT JOIN
@@ -1255,6 +1258,8 @@ public function getRecordBySolutionId(int $solutionId): void
             Database::getTablePrefix(),
             Database::getTablePrefix(),
             $solutionId,
+            Database::getTablePrefix(),
+            $solutionId,
             $this->queryPermission($this->groupSupport)
         );