From: SourceForge.net <no...@so...> - 2009-04-05 11:43:45
Bugs item #2138508, was opened at 2008-09-30 18:04
Message generated for change (Comment added) made by bochoven
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=108956&aid=2138508&group_id=8956

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.

Category: Admin
Group: 2.1.2
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Jonathan Hughes (xerxesii)
Assigned to: Franky Van Liedekerke (liedekef)
Summary: group manager cannot do much managing

Initial Comment:
A group manager cannot add a new designer using the forms interface, or perform other tasks such as changing user flags. Message is "This account does not have permission to access this group". Batch submission works OK. Cannot duplicate on demo site since user doesn't have this capability.

----------------------------------------------------------------------

Comment By: Arjen van Bochoven (bochoven)
Date: 2009-04-05 13:43

Message:
I can confirm that the fix in revision 1110 resolves the issue. A group editor is now able to add new designers and delete them. I can confirm that it also resolves the same issue with respondent accounts.

Thank you for the quick resolution.

Arjen

PS In the long term a more robust approach would be preferred, escaping the variables only in the query using mysql_real_escape_string() or using a db abstraction layer such as the one used in CodeIgniter, for example.

----------------------------------------------------------------------

Comment By: Franky Van Liedekerke (liedekef)
Date: 2009-04-05 10:18

Message:
Hmmm ... the in_array function is called in multiple places with the same $r variable. Shouldn't they all be changed then?
I've committed a fix for this to svn. Please verify if this works ok, then I'll close this ticket and release a new version asap.

Franky

----------------------------------------------------------------------

Comment By: Arjen van Bochoven (bochoven)
Date: 2009-04-04 23:18

Message:
Ok, you probably read the mailing list, but just to be sure here's the culprit:

I guess in order to prepare for a mysql query, the variable containing the group is padded with quotes. This causes the check for the group to fail.

To fix it, edit admin/include/where/admdesigner.inc on line 155

replace
    in_array($r, $_SESSION['acl']['pgroup']) ||
with
    in_array(trim($r, "'"), $_SESSION['acl']['pgroup']) ||

----------------------------------------------------------------------

Comment By: Franky Van Liedekerke (liedekef)
Date: 2009-04-04 14:38

Message:
Hmmm ... apparently closed for the wrong reason (I based myself on the comment that it was fixed without looking at the poster). I'm going to check this out (again) when I have the time.

Franky

----------------------------------------------------------------------

Comment By: Jonathan Hughes (xerxesii)
Date: 2008-10-03 18:18

Message:
Suggested fix doesn't have any effect!

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2008-10-03 14:49

Message:
I've found it, it was not a bug but a configuration matter.
In the default config file (phpESP.ini.php.default) the setting is as follows:

    $ESPCONFIG['limit_double_postings'] = 3;

By adding the next line to phpESP.ini.php the problem is solved

    $ESPCONFIG['limit_double_postings'] = 0;

Greetings
Arjan

----------------------------------------------------------------------

Comment By: Franky Van Liedekerke (liedekef)
Date: 2008-10-03 13:21

Message:
I'll check this out.

----------------------------------------------------------------------
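The quote-padding failure diagnosed in the thread, and the "escape only in the query" approach from the PS, as an added example that is not phpESP code. It assumes PHP with the pdo_sqlite extension and uses PDO bound parameters on an in-memory SQLite database in place of mysql_real_escape_string() (removed in PHP 7); the table, column and function names are hypothetical.

```php
<?php
// Added illustration, not phpESP code. Table, column and function names are hypothetical.

// Constructed session ACL, shaped like the $_SESSION['acl']['pgroup'] array in the thread.
$acl = ['pgroup' => ['sales', 'research']];

// The failure mode: the group name is quote-padded for SQL before the ACL check runs.
function check_padded(string $group, array $acl): bool {
    $r = "'" . $group . "'";                    // padded early, as diagnosed in the thread
    return in_array($r, $acl['pgroup'], true);  // compares "'sales'" against "sales"
}

// The authorization decision uses the raw value and a strict comparison.
function may_manage(string $group, array $acl): bool {
    return in_array($group, $acl['pgroup'], true);
}

// Quoting happens only at the query boundary, through bound parameters.
function add_designer(PDO $db, array $acl, string $user, string $group): bool {
    if (!may_manage($group, $acl)) {
        return false;                           // deny before touching the database
    }
    $stmt = $db->prepare('INSERT INTO designer_demo (username, pgroup) VALUES (?, ?)');
    return $stmt->execute([$user, $group]);
}

$db = new PDO('sqlite::memory:');               // in-memory stand-in for the MySQL database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE designer_demo (username TEXT, pgroup TEXT)');

// Case 1: a legitimate group manager fails the padded check.
var_dump(check_padded('sales', $acl));
// Case 2: the same manager passes the raw check; the apostrophe in the name is bound, not spliced.
var_dump(add_designer($db, $acl, "o'brien", 'sales'));
// Case 3: a group outside the ACL is refused and no row is written.
var_dump(add_designer($db, $acl, 'mallory', 'finance'));
echo 'rows stored: ', $db->query('SELECT COUNT(*) FROM designer_demo')->fetchColumn(), "\n";
```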