From 645b02b2d14a74db7c13d5494ee83b107bb3a822 Mon Sep 17 00:00:00 2001 From: Romain Quetiez Date: Fri, 1 Jul 2011 15:08:38 +0000 Subject: [PATCH] #415 Could not limit user on some organization (symptom: wrong queries... org_id does not exist...) SVN:trunk[1319] --- addons/userrights/userrightsprofile.class.inc.php | 11 +++++++++-- application/displayblock.class.inc.php | 3 ++- pages/audit.php | 7 ++++--- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/addons/userrights/userrightsprofile.class.inc.php b/addons/userrights/userrightsprofile.class.inc.php index 3276b09fd..69b70fff7 100644 --- a/addons/userrights/userrightsprofile.class.inc.php +++ b/addons/userrights/userrightsprofile.class.inc.php @@ -751,17 +751,24 @@ exit; // Determine how to position the objects of this class // + $aCallSpec = array($sClass, 'MapContextParam'); if ($sClass == 'Organization') { $sAttCode = 'id'; } - elseif (is_callable("$sClass::MapContextParam")) + elseif (is_callable($aCallSpec)) { - $sAttCode = eval("return $sClass::MapContextParam('org_id');"); // Returns null when there is no mapping for this parameter + $sAttCode = call_user_func($aCallSpec, 'org_id'); // Returns null when there is no mapping for this parameter + if ($sAttCode == null) { return true; } + if (!MetaModel::IsValidAttCode($sClass, $sAttCode)) + { + // Skip silently. The data model checker will tell you something about this... + return true; + } } elseif(MetaModel::IsValidAttCode($sClass, 'org_id')) { diff --git a/application/displayblock.class.inc.php b/application/displayblock.class.inc.php index b96011f4a..6f31cfc58 100644 --- a/application/displayblock.class.inc.php +++ b/application/displayblock.class.inc.php 
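Review bot: The two added `return true;` paths in userrightsprofile.class.inc.php (a null mapping, and a mapped attribute that fails `MetaModel::IsValidAttCode`) skip the organization positioning silently, and they sit in user-rights code, where that may fail open. The enclosing function starts and ends outside the hunk, so what `true` means to the caller is not visible; if it means "no restriction for this class", a wrong `MapContextParam` mapping leaves that class unrestricted for a user who was meant to be limited to some organizations. I would fail closed for the invalid-attribute case, or at least write the class and attribute code to the application log and add a comment such as `// Invalid mapping: objects of $sClass are NOT restricted by organization here`. The pages/audit.php hunk drops the condition the same way when `IsValidAttCode` fails, so the audit filter then runs without the context restriction and deserves the same treatment.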
@@ -331,9 +331,10 @@ class DisplayBlock $oAppContext = new ApplicationContext(); $sClass = $this->m_oFilter->GetClass(); $aFilterCodes = array_keys(MetaModel::GetClassFilterDefs($sClass)); + $aCallSpec = array($sClass, 'MapContextParam'); foreach($oAppContext->GetNames() as $sContextParam) { - eval("\$sParamCode = $sClass::MapContextParam('$sContextParam');"); //Map context parameter to the value/filter code depending on the class + $sParamCode = call_user_func($aCallSpec, $sContextParam); //Map context parameter to the value/filter code depending on the class if (!is_null($sParamCode)) { $sParamValue = $oAppContext->GetCurrentValue($sContextParam, null); diff --git a/pages/audit.php b/pages/audit.php index c71f2943c..edea9c1dc 100644 --- a/pages/audit.php +++ b/pages/audit.php @@ -44,15 +44,16 @@ try { $sObjClass = $oFilter->GetClass(); $aContextParams = $oAppContext->GetNames(); - if (is_callable("$sObjClass::MapContextParam")) + $aCallSpec = array($sObjClass, 'MapContextParam'); + if (is_callable($aCallSpec)) { foreach($aContextParams as $sParamName) { $sValue = $oAppContext->GetCurrentValue($sParamName, null); if ($sValue != null) { - $sAttCode = eval("return $sObjClass::MapContextParam('$sParamName');"); // Returns null when there is no mapping for this parameter - if ($sAttCode != null) + $sAttCode = call_user_func($aCallSpec, $sParamName); // Returns null when there is no mapping for this parameter + if ($sAttCode != null && MetaModel::IsValidAttCode($sObjClass, $sAttCode)) { $oFilter->AddCondition($sAttCode, $sValue); }
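Review bot: The new `call_user_func($aCallSpec, $sContextParam)` inside the `foreach` in DisplayBlock has no `is_callable($aCallSpec)` guard, unlike the two other files touched by this commit. If `$this->m_oFilter->GetClass()` can return a class without `MapContextParam`, the call is made with an invalid callback on every context parameter instead of being skipped cleanly. I would write `$sParamCode = is_callable($aCallSpec) ? call_user_func($aCallSpec, $sContextParam) : null;`, or, if every class is guaranteed to define the method, say so in a comment next to `$aCallSpec`. The loop body continues outside the hunk, so how `$sParamCode` is checked against `$aFilterCodes` is not visible here.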