From a99c35f611dea1da3b5775d3fa5a44d60a493615 Mon Sep 17 00:00:00 2001 From: chansizzle <14916599+chansizzle@users.noreply.github.com> Date: Wed, 25 Sep 2019 11:48:21 -0600 Subject: [PATCH] Update users.php (#4657) --- core/users/users.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/core/users/users.php b/core/users/users.php index b2bb1afc98..74ae080900 100644 --- a/core/users/users.php +++ b/core/users/users.php @@ -59,7 +59,7 @@ //common where clause $sql_where = "where true "; - if (!(permission_exists('user_all') && $_GET['show'] == 'all')) { + if (!(isset($_GET['show']) && permission_exists('user_all') && $_GET['show'] == 'all')) { $sql_where .= "and u.domain_uuid = :domain_uuid "; $parameters['domain_uuid'] = $_SESSION['domain_uuid']; } @@ -89,7 +89,7 @@ //prepare for paging $rows_per_page = is_numeric($_SESSION['domain']['paging']['numeric']) ? $_SESSION['domain']['paging']['numeric'] : 50; $param = "search=".escape($search); - if (permission_exists('user_all') && $_GET['show'] == 'all') { + if (isset($_GET['show']) && permission_exists('user_all') && $_GET['show'] == 'all') { $param .= "&show=all"; } $page = $_GET['page']; @@ -115,7 +115,7 @@ echo "".$text['header-user_manager']." (".$num_rows.")\n"; echo ""; if (permission_exists('user_all')) { - if ($_GET['show'] == 'all') { + if (isset($_GET['show']) && $_GET['show'] == 'all') { echo "\n"; echo ""; } @@ -149,7 +149,7 @@ echo "\n"; echo "\n"; - if (permission_exists('user_all') && $_GET['show'] == 'all') { + if (isset($_GET['show']) && permission_exists('user_all') && $_GET['show'] == 'all') { echo th_order_by('domain_name', $text['label-domain'], $order_by, $order, '', '', $param); } echo th_order_by('username', $text['label-username'], $order_by, $order); @@ -165,7 +165,7 @@ echo th_order_by('user_enabled', $text['label-enabled'], $order_by, $order, '', '', $param); echo "\n"; - if (permission_exists('user_all') && $_GET['show'] == 'all') { + if (isset($_GET['show']) && permission_exists('user_all') && $_GET['show'] == 'all') { echo " \n"; } echo "
"; if (permission_exists('user_add')) { - if ($_SESSION['limit']['users']['numeric'] == '' || ($_SESSION['limit']['users']['numeric'] != '' && $total_users < $_SESSION['limit']['users']['numeric'])) { + if (isset($_SESSION['limit']['users']['numeric']) && ($_SESSION['limit']['users']['numeric'] == '' || ($_SESSION['limit']['users']['numeric'] != '') && $total_users < $_SESSION['limit']['users']['numeric'])) { echo "".$v_link_label_add.""; } } @@ -176,7 +176,7 @@ foreach($users as $row) { $tr_link = (permission_exists('user_edit')) ? "href='user_edit.php?id=".escape($row['user_uuid'])."'" : null; echo "
".escape($row['domain_name'])."";