Anonymous Login
2019-08-22 17:47 PDT

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0001038v3.0 Release[All Projects] Generalpublic2013-08-28 11:21
Reporterproject_manager 
Assigned Tocaseydk 
PrioritynormalSeverityblockReproducibilityrandom
StatusclosedResolutionfixed 
Product Version 
Target VersionFixed in Version3.0.0 
Summary0001038: bug fix: Editing of Forum posts randomly not possible
Descriptionsince v3.x

Sometimes editing of Forum posts becomes not possible. After editing text and pressing submitt the text is not stored and window does not return to previous view.

Violating access rules because of mixing message_id with forum_id !
As long forum_id and message_id are serendipitously in the same number-range it works randomly or not.

Reason: due to a logical syntax bug in:

..\modules\forums\forummessage.class.php

v2.4: (ok)
if ($this->message_id && $perms->checkModuleItem('forums', 'edit', $this->forum_id)) {

v3.x: (wrong)
if ($this->{$this->_tbl_key} && $perms->checkModuleItem('forums', 'edit', $this->{$this->_tbl_key})) {

with:
_tbl = forum_messages
_tbl_key = message_id
_tbl_module = forum_messages

change line to:
if ($this->{$this->_tbl_key} && $perms->checkModuleItem('forums', 'edit', $this->{$this->_tbl_module})) {
Additional Informationabove function call in Permissions.class.php:

public function checkModuleItem($module, $op, $item = null, $userid = null) {
...
--->> wrong item-argument
...
$result = $this->w2Pacl_query('application', $op, 'user', $userid, $module, $item);
...
public function w2Pacl_query($application = 'application', $op, $user = 'user', $userid, $module, $item) {
...
$nuclear = $this->w2Pacl_nuclear($userid, $module, $item, $mod_class);
...
public function w2Pacl_nuclear($userid, $module, $item, $mod_class = array()) {
...
$allowedRecords = $obj->getAllowedRecords($userid, $mod_class['permissions_item_table'] . '.' . $mod_class['permissions_item_field'] . ',' . $mod_class['permissions_item_label']);
...
in forums.class.php:
public function getAllowedRecords($uid, $fields = '*', $orderby = '', $index = null, $extra = null) {
...
back in Permissions.class.php:
...
if (isset($allowedRecords[(int)$item])) {
...
---> here comes the error (logical mistake)
---> $allowedRecords is an array of Forum Topics (forum_id) and $item is the given argument and is a message_id (wrong)!
---> e.g. 2x Forum_topics with forum_id = 1,3 and the message_id = 16 then
   isset($allowedRecords[(int)16] = FALSE !
---> Permission is checked on forum_id and not message_id
---> change $item to forum_id
TagsNo tags attached.
Attached Files

-Relationships
+Relationships

-Notes

~0002358

caseydk (administrator)

Resolved in r2260 as described;
+Notes

-Issue History
Date Modified Username Field Change
2011-12-17 22:00 project_manager New Issue
2011-12-17 22:00 project_manager File Added: forummessage.class.php
2011-12-19 23:50 caseydk Status new => assigned
2011-12-19 23:50 caseydk Assigned To => caseydk
2011-12-22 20:59 caseydk Note Added: 0002358
2011-12-22 20:59 caseydk Status assigned => resolved
2011-12-22 20:59 caseydk Resolution open => fixed
2013-08-28 11:14 caseydk Fixed in Version => 3.0.0
2013-08-28 11:21 caseydk Status resolved => closed
+Issue History