[geeklog-devel] GSoC 2010 is on

Joe Mucchiello joe at ThrowingDice.com
Sun Apr 4 18:34:59 EDT 2010


At 09:44 AM 4/4/2010, Jakh Daven wrote:
>Content-Type: multipart/alternative; boundary=00163630f9fde9ab8d04836968e2
>Content-Transfer-Encoding:
>
>Hi Joe,
>
>So, I added a few user groups from the database by setting grp_owner 
>in gl_groups table. Then I tried submitting a story as admin and was 
>surprised to see that the user groups turn up in groups drop down. 
>Looking closer, I found that  SEC_getGroupDropdown doesn't really 
>return only system groups. It calls SEC_getUserGroups without any 
>filter and returns *all* groups. Shouldn't SEC_getUserGroups be 
>called with the "grp_owner=0" filter to get only system groups?

WTF? How is that missing from the code? Yes, add the filter as you 
stated in the SEC_getGroupDropdown call to SEC_getUserGroups. Well, I 
was looking for a reason that I would have to upgrade to the 1.7.0 
beta1. So when I do so I'll include that fix as well.

Thanks for checking my stuff. And for anyone else using at my patch 
(and only those using my patch), change line 1057 of lib-security.php to
         $usergroups = SEC_getUserGroups('grp_owner = 0');



----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com 



No virus found in this outgoing message
Checked by PC Tools AntiVirus (6.0.0.19 - 10.004.176).
http://www.pctools.com/free-antivirus/



More information about the geeklog-devel mailing list