[geeklog-devel] GSoC 2010 is on
Joe Mucchiello
joe at ThrowingDice.com
Sun Apr 4 18:34:59 EDT 2010
At 09:44 AM 4/4/2010, Jakh Daven wrote:
>Content-Type: multipart/alternative; boundary=00163630f9fde9ab8d04836968e2
>Content-Transfer-Encoding:
>
>Hi Joe,
>
>So, I added a few user groups from the database by setting grp_owner
>in gl_groups table. Then I tried submitting a story as admin and was
>surprised to see that the user groups turn up in groups drop down.
>Looking closer, I found that SEC_getGroupDropdown doesn't really
>return only system groups. It calls SEC_getUserGroups without any
>filter and returns *all* groups. Shouldn't SEC_getUserGroups be
>called with the "grp_owner=0" filter to get only system groups?
WTF? How is that missing from the code? Yes, add the filter as you
stated in the SEC_getGroupDropdown call to SEC_getUserGroups. Well, I
was looking for a reason that I would have to upgrade to the 1.7.0
beta1. So when I do so I'll include that fix as well.
Thanks for checking my stuff. And for anyone else using at my patch
(and only those using my patch), change line 1057 of lib-security.php to
$usergroups = SEC_getUserGroups('grp_owner = 0');
----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com
No virus found in this outgoing message
Checked by PC Tools AntiVirus (6.0.0.19 - 10.004.176).
http://www.pctools.com/free-antivirus/
More information about the geeklog-devel
mailing list