fix: Enhance category filtering by adding user group support in category retrieval

Daniel Neto · Daniel Neto · commit 6e8a673eed07 · 2026-03-27T10:48:11.000-03:00
https://github.com/WWBN/AVideo/security/advisories/GHSA-73gr-r64q-7jh4#event-597450
diff --git a/objects/categories.json.php b/objects/categories.json.php
@@ -15,14 +15,16 @@
 $_REQUEST['current'] = getCurrentPage();
 
 $onlyWithVideos = false;
-$sameUserGroupAsMe = false;
 if(!empty($_GET['user'])){
     $onlyWithVideos = true;
-    $sameUserGroupAsMe = true;
 }
+// Always apply user-group filtering using the logged-in user's real ID.
+// Guests get -1 so getUserGroups returns [], leaving only unrestricted categories visible.
+$currentUserId = User::getId();
+$sameUserGroupAsMe = !empty($currentUserId) ? intval($currentUserId) : -1;
 
 $categories = Category::getAllCategories(true, $onlyWithVideos, false, $sameUserGroupAsMe);
-$total = Category::getTotalCategories(true, $onlyWithVideos);
+$total = Category::getTotalCategories(true, $onlyWithVideos, false, $sameUserGroupAsMe);
 //$breaks = array('<br />', '<br>', '<br/>');
 foreach ($categories as $key => $value) {
     $categories[$key]['iconHtml'] = "<span class='$value[iconClass]'></span>";
diff --git a/objects/category.php b/objects/category.php
@@ -975,7 +975,7 @@ public function delete()
         return sqlDAL::writeSql($sql, "i", [$this->id]);
     }
 
-    public static function getTotalCategories($filterCanAddVideoOnly = false, $onlyWithVideos = false, $onlySuggested = false)
+    public static function getTotalCategories($filterCanAddVideoOnly = false, $onlyWithVideos = false, $onlySuggested = false, $sameUserGroupAsMe = false)
     {
         global $global, $config;
 
@@ -1023,6 +1023,17 @@ public static function getTotalCategories($filterCanAddVideoOnly = false, $onlyW
             }
             $sql .= ")";
         }
+        if ($sameUserGroupAsMe) {
+            $users_groups = UserGroups::getUserGroups($sameUserGroupAsMe);
+            $users_groups_id = array(0);
+            foreach ($users_groups as $value) {
+                $users_groups_id[] = $value['id'];
+            }
+            $sql .= " AND ("
+                . "(SELECT count(*) FROM categories_has_users_groups chug WHERE c.id = chug.categories_id) = 0 OR "
+                . "(SELECT count(*) FROM categories_has_users_groups chug2 WHERE c.id = chug2.categories_id AND users_groups_id IN (" . implode(',', $users_groups_id) . ")) >= 1 "
+                . ")";
+        }
         $sql .= BootGrid::getSqlSearchFromPost(['name']);
         //echo $sql;exit;
         $res = sqlDAL::readSql($sql);

Original file line number	Diff line number	Diff line change
`@@ -975,7 +975,7 @@ public function delete()`
`975`	`975`	`return sqlDAL::writeSql($sql, "i", [$this->id]);`
`976`	`976`	`}`
`977`	`977`
`978`		`- public static function getTotalCategories($filterCanAddVideoOnly = false, $onlyWithVideos = false, $onlySuggested = false)`
	`978`	`+ public static function getTotalCategories($filterCanAddVideoOnly = false, $onlyWithVideos = false, $onlySuggested = false, $sameUserGroupAsMe = false)`
`979`	`979`	`{`
`980`	`980`	`global $global, $config;`
`981`	`981`
`@@ -1023,6 +1023,17 @@ public static function getTotalCategories($filterCanAddVideoOnly = false, $onlyW`
`1023`	`1023`	`}`
`1024`	`1024`	`$sql .= ")";`
`1025`	`1025`	`}`
	`1026`	`+ if ($sameUserGroupAsMe) {`
	`1027`	`+ $users_groups = UserGroups::getUserGroups($sameUserGroupAsMe);`
	`1028`	`+ $users_groups_id = array(0);`
	`1029`	`+ foreach ($users_groups as $value) {`
	`1030`	`+ $users_groups_id[] = $value['id'];`
	`1031`	`+ }`
	`1032`	`+ $sql .= " AND ("`
	`1033`	`+ . "(SELECT count(*) FROM categories_has_users_groups chug WHERE c.id = chug.categories_id) = 0 OR "`
	`1034`	`+ . "(SELECT count(*) FROM categories_has_users_groups chug2 WHERE c.id = chug2.categories_id AND users_groups_id IN (" . implode(',', $users_groups_id) . ")) >= 1 "`
	`1035`	`+ . ")";`
	`1036`	`+ }`
`1026`	`1037`	`$sql .= BootGrid::getSqlSearchFromPost(['name']);`
`1027`	`1038`	`//echo $sql;exit;`
`1028`	`1039`	`$res = sqlDAL::readSql($sql);`