[geeklog-cvs] geeklog-1.3/system lib-security.php,1.22,1.23

[dhaun at iowaoutdoors.org]

Update of /var/cvs/geeklog-1.3/system
In directory www:/tmp/cvs-serv30975/system

Modified Files:
	lib-security.php 
Log Message:
SEC_getFeatureGroup() should not overwrite $_GROUPS if not working on the current user (bug #331)


Index: lib-security.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/system/lib-security.php,v
retrieving revision 1.22
retrieving revision 1.23
diff -C2 -d -r1.22 -r1.23
*** lib-security.php	29 Sep 2004 17:43:43 -0000	1.22
--- lib-security.php	18 Dec 2004 15:25:50 -0000	1.23
***************
*** 607,610 ****
--- 607,612 ----
      global $_GROUPS, $_TABLES, $_USER;
  
+     $ugroups = array ();
+ 
      if (empty ($uid)) {
          if (empty ($_USER['uid'])) {
***************
*** 616,621 ****
              $_GROUPS = SEC_getUserGroups ($uid);
          }
      } else {
!         $_GROUPS = SEC_getUserGroups ($uid);
      }
  
--- 618,624 ----
              $_GROUPS = SEC_getUserGroups ($uid);
          }
+         $ugroups = $_GROUPS;
      } else {
!         $ugroups = SEC_getUserGroups ($uid);
      }
  
***************
*** 623,628 ****
  
      $ft_id = DB_getItem ($_TABLES['features'], 'ft_id', "ft_name = '$feature'");
!     if (($ft_id > 0) && (sizeof ($_GROUPS) > 0)) {
!         $grouplist = implode (',', $_GROUPS);
          $result = DB_query ("SELECT acc_grp_id FROM {$_TABLES['access']} WHERE (acc_ft_id = $ft_id) AND (acc_grp_id IN ($grouplist)) ORDER BY acc_grp_id LIMIT 1");
          $A = DB_fetchArray ($result);
--- 626,631 ----
  
      $ft_id = DB_getItem ($_TABLES['features'], 'ft_id', "ft_name = '$feature'");
!     if (($ft_id > 0) && (sizeof ($ugroups) > 0)) {
!         $grouplist = implode (',', $ugroups);
          $result = DB_query ("SELECT acc_grp_id FROM {$_TABLES['access']} WHERE (acc_ft_id = $ft_id) AND (acc_grp_id IN ($grouplist)) ORDER BY acc_grp_id LIMIT 1");
          $A = DB_fetchArray ($result);