MantisBT - v3.0 Release
View Issue Details
0001038v3.0 Release[All Projects] Generalpublic2011-12-17 22:002013-08-28 11:21
Reporterproject_manager 
Assigned Tocaseydk 
PrioritynormalSeverityblockReproducibilityrandom
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version 
Target VersionFixed in Version3.0.0 
Summary0001038: bug fix: Editing of Forum posts randomly not possible
Descriptionsince v3.x

Sometimes editing of Forum posts becomes not possible. After editing text and pressing submitt the text is not stored and window does not return to previous view.

Violating access rules because of mixing message_id with forum_id !
As long forum_id and message_id are serendipitously in the same number-range it works randomly or not.

Reason: due to a logical syntax bug in:

..\modules\forums\forummessage.class.php

v2.4: (ok)
if ($this->message_id && $perms->checkModuleItem('forums', 'edit', $this->forum_id)) {

v3.x: (wrong)
if ($this->{$this->_tbl_key} && $perms->checkModuleItem('forums', 'edit', $this->{$this->_tbl_key})) {

with:
_tbl = forum_messages
_tbl_key = message_id
_tbl_module = forum_messages

change line to:
if ($this->{$this->_tbl_key} && $perms->checkModuleItem('forums', 'edit', $this->{$this->_tbl_module})) {
Additional Informationabove function call in Permissions.class.php:

public function checkModuleItem($module, $op, $item = null, $userid = null) {
...
--->> wrong item-argument
...
$result = $this->w2Pacl_query('application', $op, 'user', $userid, $module, $item);
...
public function w2Pacl_query($application = 'application', $op, $user = 'user', $userid, $module, $item) {
...
$nuclear = $this->w2Pacl_nuclear($userid, $module, $item, $mod_class);
...
public function w2Pacl_nuclear($userid, $module, $item, $mod_class = array()) {
...
$allowedRecords = $obj->getAllowedRecords($userid, $mod_class['permissions_item_table'] . '.' . $mod_class['permissions_item_field'] . ',' . $mod_class['permissions_item_label']);
...
in forums.class.php:
public function getAllowedRecords($uid, $fields = '*', $orderby = '', $index = null, $extra = null) {
...
back in Permissions.class.php:
...
if (isset($allowedRecords[(int)$item])) {
...
---> here comes the error (logical mistake)
---> $allowedRecords is an array of Forum Topics (forum_id) and $item is the given argument and is a message_id (wrong)!
---> e.g. 2x Forum_topics with forum_id = 1,3 and the message_id = 16 then
   isset($allowedRecords[(int)16] = FALSE !
---> Permission is checked on forum_id and not message_id
---> change $item to forum_id
TagsNo tags attached.
Attached Files? forummessage.class.php (8,243) 1969-12-31 16:00
https://bugs.web2project.net/file_download.php?file_id=311&type=bug

Notes
(0002358)
caseydk   
2011-12-22 20:59   
Resolved in r2260 as described;

Issue History
2011-12-17 22:00project_managerNew Issue
2011-12-17 22:00project_managerFile Added: forummessage.class.php
2011-12-19 23:50caseydkStatusnew => assigned
2011-12-19 23:50caseydkAssigned To => caseydk
2011-12-22 20:59caseydkNote Added: 0002358
2011-12-22 20:59caseydkStatusassigned => resolved
2011-12-22 20:59caseydkResolutionopen => fixed
2013-08-28 11:14caseydkFixed in Version => 3.0.0
2013-08-28 11:21caseydkStatusresolved => closed