[geeklog-cvs] geeklog: Avoid SQL error in the unlikely event that a user is no...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Sun May 10 15:44:26 EDT 2009
details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/ba11d6859ebc
changeset: 7026:ba11d6859ebc
user: Dirk Haun <dirk at haun-online.de>
date: Sun May 10 21:43:03 2009 +0200
description:
Avoid SQL error in the unlikely event that a user is not a member of any groups ("this shouldn't happen"; cf. bug #0000863)
diffstat:
1 file changed, 9 insertions(+), 4 deletions(-)
system/lib-security.php | 13 +++++++++----
diffs (35 lines):
diff -r 152b26131cf0 -r ba11d6859ebc system/lib-security.php
--- a/system/lib-security.php Sun May 10 17:39:32 2009 +0200
+++ b/system/lib-security.php Sun May 10 21:43:03 2009 +0200
@@ -470,15 +470,15 @@
/**
* Gets everything a user has permissions to within the system
*
-* This is part of the Geeklog security implmentation. This function
-* will get all the permissions the current user has call itself recursively.
+* This is part of the Geeklog security implementation. This function
+* will get all the permissions the current user has. Calls itself recursively.
*
-* @param int $grp_id DO NOT USE (Used for reccursion) Current group function is working on
+* @param int $grp_id DO NOT USE (Used for recursion) Current group function is working on
* @param int $uid User to check, if empty current user.
* @return string returns comma delimited list of features the user has access to
*
*/
-function SEC_getUserPermissions($grp_id='',$uid='')
+function SEC_getUserPermissions($grp_id='', $uid='')
{
global $_TABLES, $_USER, $_SEC_VERBOSE, $_GROUPS;
@@ -504,6 +504,11 @@
$groups = $_GROUPS;
} else {
$groups = SEC_getUserGroups ($uid);
+ }
+
+ if (empty($groups)) {
+ // this shouldn't happen - make a graceful exit to avoid an SQL error
+ return '';
}
$glist = join(',', $groups);
More information about the geeklog-cvs
mailing list