[geeklog-devel] USER_addGroup VS SEC_addUserToGroup
jmucchiello at yahoo.com
Thu Sep 15 11:34:42 EDT 2011
> I noticed two different functions for almost the same action.
> USER_addGroup : Add user to group if user does not belong to specified
> group (lib-user.php)
> SEC_addUserToGroup: Add user to a group (lib-security.php)
Perfectly "logical" or at least explainable. The one in lib-user came first. Then someone decided to add a missing function to lib-security (if you read the comment, Trinity added it because it seemed like a good idea), not knowing about the one in lib-user because lib-user is only loaded by the user/profile pages, not by lib-common.
Harder to explain is the fact that copy in lib-security is used only once in the system (one would think the plugin autoinstall code must need such functionality) and worse is the copy in lib-user is not used anywhere at all.
Finally, the version in lib-security has no sanity checks, allowing duplicate grp_id, uid pairs to be put into the database. And for some reason the lib-user version doesn't allow anonymous users into groups.
There are lots of things like this in Geeklog, Ben.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the geeklog-devel