View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
---|---|---|---|---|---|---|---|---|---|
0001038 | v3.0 Release | [All Projects] General | public | 2011-12-17 22:00 | 2013-08-28 11:21 | ||||
Reporter | project_manager | ||||||||
Assigned To | caseydk | ||||||||
Priority | normal | Severity | block | Reproducibility | random | ||||
Status | closed | Resolution | fixed | ||||||
Product Version | |||||||||
Target Version | Fixed in Version | 3.0.0 | |||||||
Summary | 0001038: bug fix: Editing of Forum posts randomly not possible | ||||||||
Description | since v3.x Sometimes editing of Forum posts becomes not possible. After editing text and pressing submitt the text is not stored and window does not return to previous view. Violating access rules because of mixing message_id with forum_id ! As long forum_id and message_id are serendipitously in the same number-range it works randomly or not. Reason: due to a logical syntax bug in: ..\modules\forums\forummessage.class.php v2.4: (ok) if ($this->message_id && $perms->checkModuleItem('forums', 'edit', $this->forum_id)) { v3.x: (wrong) if ($this->{$this->_tbl_key} && $perms->checkModuleItem('forums', 'edit', $this->{$this->_tbl_key})) { with: _tbl = forum_messages _tbl_key = message_id _tbl_module = forum_messages change line to: if ($this->{$this->_tbl_key} && $perms->checkModuleItem('forums', 'edit', $this->{$this->_tbl_module})) { | ||||||||
Additional Information | above function call in Permissions.class.php: public function checkModuleItem($module, $op, $item = null, $userid = null) { ... --->> wrong item-argument ... $result = $this->w2Pacl_query('application', $op, 'user', $userid, $module, $item); ... public function w2Pacl_query($application = 'application', $op, $user = 'user', $userid, $module, $item) { ... $nuclear = $this->w2Pacl_nuclear($userid, $module, $item, $mod_class); ... public function w2Pacl_nuclear($userid, $module, $item, $mod_class = array()) { ... $allowedRecords = $obj->getAllowedRecords($userid, $mod_class['permissions_item_table'] . '.' . $mod_class['permissions_item_field'] . ',' . $mod_class['permissions_item_label']); ... in forums.class.php: public function getAllowedRecords($uid, $fields = '*', $orderby = '', $index = null, $extra = null) { ... back in Permissions.class.php: ... if (isset($allowedRecords[(int)$item])) { ... ---> here comes the error (logical mistake) ---> $allowedRecords is an array of Forum Topics (forum_id) and $item is the given argument and is a message_id (wrong)! ---> e.g. 2x Forum_topics with forum_id = 1,3 and the message_id = 16 then isset($allowedRecords[(int)16] = FALSE ! ---> Permission is checked on forum_id and not message_id ---> change $item to forum_id | ||||||||
Tags | No tags attached. | ||||||||
Attached Files |
|
![]() |
|||
Date Modified | Username | Field | Change |
---|---|---|---|
2011-12-17 22:00 | project_manager | New Issue | |
2011-12-17 22:00 | project_manager | File Added: forummessage.class.php | |
2011-12-19 23:50 | caseydk | Status | new => assigned |
2011-12-19 23:50 | caseydk | Assigned To | => caseydk |
2011-12-22 20:59 | caseydk | Note Added: 0002358 | |
2011-12-22 20:59 | caseydk | Status | assigned => resolved |
2011-12-22 20:59 | caseydk | Resolution | open => fixed |
2013-08-28 11:14 | caseydk | Fixed in Version | => 3.0.0 |
2013-08-28 11:21 | caseydk | Status | resolved => closed |