aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorcash <cash.costello@gmail.com>2013-05-30 19:31:45 -0400
committercash <cash.costello@gmail.com>2013-05-30 19:31:45 -0400
commita9709da4bd45ea04944d93e0d472aa4ee801e0f5 (patch)
treebc7a0ce4b76fa966a7cd8e2da7cbb82f63acc6e6
parent4f783d420e2a74816265cb657f0c4961c8f2117f (diff)
downloadelgg-a9709da4bd45ea04944d93e0d472aa4ee801e0f5.tar.gz
elgg-a9709da4bd45ea04944d93e0d472aa4ee801e0f5.tar.bz2
Fixes #5567 throw exception when saving with ACCESS_DEFAULT
-rw-r--r--engine/lib/entities.php11
1 files changed, 9 insertions, 2 deletions
diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 7b4e0e15a..5cfeca6f8 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -407,7 +407,7 @@ function update_subtype($type, $subtype, $class = '') {
* @param int $time_created The time creation timestamp
*
* @return bool
- * @link http://docs.elgg.org/DataModel/Entities
+ * @throws InvalidParameterException
* @access private
*/
function update_entity($guid, $owner_guid, $access_id, $container_guid = null, $time_created = null) {
@@ -430,6 +430,10 @@ function update_entity($guid, $owner_guid, $access_id, $container_guid = null, $
$time_created = (int) $time_created;
}
+ if ($access_id == ACCESS_DEFAULT) {
+ throw new InvalidParameterException('ACCESS_DEFAULT is not a valid access level. See its documentation in elgglib.h');
+ }
+
if ($entity && $entity->canEdit()) {
if (elgg_trigger_event('update', $entity->type, $entity)) {
$ret = update_data("UPDATE {$CONFIG->dbprefix}entities
@@ -556,7 +560,6 @@ $container_guid = 0) {
$type = sanitise_string($type);
$subtype_id = add_subtype($type, $subtype);
$owner_guid = (int)$owner_guid;
- $access_id = (int)$access_id;
$time = time();
if ($site_guid == 0) {
$site_guid = $CONFIG->site_guid;
@@ -565,6 +568,10 @@ $container_guid = 0) {
if ($container_guid == 0) {
$container_guid = $owner_guid;
}
+ $access_id = (int)$access_id;
+ if ($access_id == ACCESS_DEFAULT) {
+ throw new InvalidParameterException('ACCESS_DEFAULT is not a valid access level. See its documentation in elgglib.h');
+ }
$user_guid = elgg_get_logged_in_user_guid();
if (!can_write_to_container($user_guid, $owner_guid, $type, $subtype)) {