[geeklog-cvs] geeklog-1.3/system lib-security.php,1.22,1.23
dhaun at iowaoutdoors.org
dhaun at iowaoutdoors.org
Sat Dec 18 10:25:52 EST 2004
Update of /var/cvs/geeklog-1.3/system
In directory www:/tmp/cvs-serv30975/system
Modified Files:
lib-security.php
Log Message:
SEC_getFeatureGroup() should not overwrite $_GROUPS if not working on the current user (bug #331)
Index: lib-security.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/system/lib-security.php,v
retrieving revision 1.22
retrieving revision 1.23
diff -C2 -d -r1.22 -r1.23
*** lib-security.php 29 Sep 2004 17:43:43 -0000 1.22
--- lib-security.php 18 Dec 2004 15:25:50 -0000 1.23
***************
*** 607,610 ****
--- 607,612 ----
global $_GROUPS, $_TABLES, $_USER;
+ $ugroups = array ();
+
if (empty ($uid)) {
if (empty ($_USER['uid'])) {
***************
*** 616,621 ****
$_GROUPS = SEC_getUserGroups ($uid);
}
} else {
! $_GROUPS = SEC_getUserGroups ($uid);
}
--- 618,624 ----
$_GROUPS = SEC_getUserGroups ($uid);
}
+ $ugroups = $_GROUPS;
} else {
! $ugroups = SEC_getUserGroups ($uid);
}
***************
*** 623,628 ****
$ft_id = DB_getItem ($_TABLES['features'], 'ft_id', "ft_name = '$feature'");
! if (($ft_id > 0) && (sizeof ($_GROUPS) > 0)) {
! $grouplist = implode (',', $_GROUPS);
$result = DB_query ("SELECT acc_grp_id FROM {$_TABLES['access']} WHERE (acc_ft_id = $ft_id) AND (acc_grp_id IN ($grouplist)) ORDER BY acc_grp_id LIMIT 1");
$A = DB_fetchArray ($result);
--- 626,631 ----
$ft_id = DB_getItem ($_TABLES['features'], 'ft_id', "ft_name = '$feature'");
! if (($ft_id > 0) && (sizeof ($ugroups) > 0)) {
! $grouplist = implode (',', $ugroups);
$result = DB_query ("SELECT acc_grp_id FROM {$_TABLES['access']} WHERE (acc_ft_id = $ft_id) AND (acc_grp_id IN ($grouplist)) ORDER BY acc_grp_id LIMIT 1");
$A = DB_fetchArray ($result);
More information about the geeklog-cvs
mailing list