[geeklog-cvs] geeklog: Avoid SQL error in the unlikely event that a user is no...

[geeklog-cvs at lists.geeklog.net]

details:   http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/ba11d6859ebc
changeset: 7026:ba11d6859ebc
user:      Dirk Haun <dirk at haun-online.de>
date:      Sun May 10 21:43:03 2009 +0200
description:
Avoid SQL error in the unlikely event that a user is not a member of any groups ("this shouldn't happen"; cf. bug #0000863)

diffstat:

1 file changed, 9 insertions(+), 4 deletions(-)
system/lib-security.php |   13 +++++++++----

diffs (35 lines):

diff -r 152b26131cf0 -r ba11d6859ebc system/lib-security.php
--- a/system/lib-security.php	Sun May 10 17:39:32 2009 +0200
+++ b/system/lib-security.php	Sun May 10 21:43:03 2009 +0200
@@ -470,15 +470,15 @@
 /**
 * Gets everything a user has permissions to within the system
 *
-* This is part of the Geeklog security implmentation.  This function
-* will get all the permissions the current user has call itself recursively.
+* This is part of the Geeklog security implementation.  This function
+* will get all the permissions the current user has. Calls itself recursively.
 *
-* @param    int     $grp_id     DO NOT USE (Used for reccursion) Current group function is working on
+* @param    int     $grp_id     DO NOT USE (Used for recursion) Current group function is working on
 * @param    int     $uid        User to check, if empty current user.
 * @return   string  returns comma delimited list of features the user has access to
 *
 */
-function SEC_getUserPermissions($grp_id='',$uid='')
+function SEC_getUserPermissions($grp_id='', $uid='')
 {
     global $_TABLES, $_USER, $_SEC_VERBOSE, $_GROUPS;
 
@@ -504,6 +504,11 @@
         $groups = $_GROUPS;
     } else {
         $groups = SEC_getUserGroups ($uid);
+    }
+
+    if (empty($groups)) {
+        // this shouldn't happen - make a graceful exit to avoid an SQL error
+        return '';
     }
 
     $glist = join(',', $groups);