13
Well, I am a bit embarrassed but I found the cause of the problem:
In file 'addcoupon.php' arround line 55 you will find:
if ((empty($xoopsUser)) || !$xoopsUser->isAdmin($xoopsModule->mid()) || ($itemid == 0 && empty($_POST['delete']))) {
redirect_header('index.php', 3, _NOPERM);
exit();
}
$couponid = isset($_GET['couponid']) ? intval($_GET['couponid']) : 0;
$itemid = isset($_GET['item']) ? intval($_GET['item']) : 0;
Replace this with:
$couponid = isset($_GET['couponid']) ? intval($_GET['couponid']) : 0;
$itemid = isset($_GET['item']) ? intval($_GET['item']) : 0;
if ((empty($xoopsUser)) || !$xoopsUser->isAdmin($xoopsModule->mid()) || ($itemid == 0 && empty($_POST['delete']))) {
redirect_header('index.php', 3, _NOPERM);
exit();
}
The reason is that $itemid should be defined before checking the permissions. In previous versions it was working alright but for some reason I must be changed the sequence during cleanup of the code. I will add a patch of this file and a new release to the
efqdirectory.com site.