From fa0f7368dc3288eedb1915def64ef8fb270f711d Mon Sep 17 00:00:00 2001
From: Thorsten Rinne <thorsten@phpmyfaq.de>
Date: Sat, 2 Nov 2024 11:11:45 +0100
Subject: [PATCH] fix: corrected issue if unauthorized user try to access FAQs
 via solution ID

---
 phpmyfaq/src/phpMyFAQ/Faq.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/phpmyfaq/src/phpMyFAQ/Faq.php b/phpmyfaq/src/phpMyFAQ/Faq.php
index f96433c080..91f10dd86a 100755
--- a/phpmyfaq/src/phpMyFAQ/Faq.php
+++ b/phpmyfaq/src/phpMyFAQ/Faq.php
@@ -1237,11 +1237,14 @@ public function getRecordBySolutionId(int $solutionId): void
     {
         $query = sprintf(
             'SELECT
-                *
+                fd.*, COALESCE(fdg.group_id, -1) AS group_id, fdu.user_id
             FROM
                 %sfaqdata fd
-            LEFT JOIN
-                %sfaqdata_group fdg
+            LEFT JOIN (
+                SELECT record_id, group_id FROM %sfaqdata_group fdg WHERE fdg.group_id <> -1
+                UNION ALL
+                SELECT fd.id AS record_id, -1 AS group_id FROM %sfaqdata fd WHERE fd.solution_id = %d
+            ) AS fdg
             ON
                 fd.id = fdg.record_id
             LEFT JOIN
@@ -1255,6 +1258,8 @@ public function getRecordBySolutionId(int $solutionId): void
             Database::getTablePrefix(),
             Database::getTablePrefix(),
             $solutionId,
+            Database::getTablePrefix(),
+            $solutionId,
             $this->queryPermission($this->groupSupport)
         );