aboutsummaryrefslogtreecommitdiff
path: root/engine/lib/access.php
diff options
context:
space:
mode:
authorBrett Profitt <brett.profitt@gmail.com>2012-05-14 17:35:53 -0700
committerBrett Profitt <brett.profitt@gmail.com>2012-05-14 17:35:53 -0700
commit9a59aa7a3cbb0e741b9b50b6b6ce8bd021b2479a (patch)
tree4367db5435ab52f5f92c9cf0b8a8922d8d6ac35b /engine/lib/access.php
parent70e5ffe5f887679b10b6c6ac8a14b1f128efbb52 (diff)
downloadelgg-9a59aa7a3cbb0e741b9b50b6b6ce8bd021b2479a.tar.gz
elgg-9a59aa7a3cbb0e741b9b50b6b6ce8bd021b2479a.tar.bz2
Only caching access lists after ready, system fires.
This prevents a bug where access lists could be cached and not cleared during plugin boot while access was disabled, which could expose entities set to ACCESS_PRIVATE.
Diffstat (limited to 'engine/lib/access.php')
-rw-r--r--engine/lib/access.php31
1 files changed, 19 insertions, 12 deletions
diff --git a/engine/lib/access.php b/engine/lib/access.php
index 6be252c6a..702e2c1cb 100644
--- a/engine/lib/access.php
+++ b/engine/lib/access.php
@@ -31,7 +31,7 @@ function get_access_list($user_id = 0, $site_id = 0, $flush = false) {
global $CONFIG, $init_finished;
static $access_list;
- if (!isset($access_list) || !$init_finished) {
+ if (!isset($access_list)) {
$access_list = array();
}
@@ -49,9 +49,15 @@ function get_access_list($user_id = 0, $site_id = 0, $flush = false) {
return $access_list[$user_id];
}
- $access_list[$user_id] = "(" . implode(",", get_access_array($user_id, $site_id, $flush)) . ")";
+ $access = "(" . implode(",", get_access_array($user_id, $site_id, $flush)) . ")";
- return $access_list[$user_id];
+ // only cache if done with init
+ if ($init_finished) {
+ $access_list[$user_id] = $access;
+ return $access_list[$user_id];
+ } else {
+ return $access;
+ }
}
/**
@@ -83,7 +89,7 @@ function get_access_array($user_id = 0, $site_id = 0, $flush = false) {
// this cache might be redundant. But db cache is flushed on every db write.
static $access_array;
- if (!isset($access_array) || (!isset($init_finished)) || (!$init_finished)) {
+ if (!isset($access_array)) {
$access_array = array();
}
@@ -137,12 +143,11 @@ function get_access_array($user_id = 0, $site_id = 0, $flush = false) {
$tmp_access_array[] = ACCESS_PRIVATE;
}
- $access_array[$user_id] = $tmp_access_array;
- } else {
- // No user id logged in so we can only access public info
- $tmp_return = $tmp_access_array;
+ // only cache if done with init
+ if ($init_finished) {
+ $access_array[$user_id] = $tmp_access_array;
+ }
}
-
} else {
$tmp_access_array = $access_array[$user_id];
}
@@ -946,7 +951,8 @@ function elgg_get_access_object() {
*
* @global bool $init_finished
* @access private
- * @todo investigate why this is needed
+ * @todo This is required to tell the access system to start caching because
+ * calls are made while in ignore access mode and before the user is logged in.
*/
$init_finished = false;
@@ -1014,8 +1020,9 @@ function access_test($hook, $type, $value, $params) {
return $value;
}
-// This function will let us know when 'init' has finished
-elgg_register_event_handler('init', 'system', 'access_init', 9999);
+// Tell the access functions the system has booted, plugins are loaded,
+// and the user is logged in so it can start caching
+elgg_register_event_handler('ready', 'system', 'access_init');
// For overrided permissions
elgg_register_plugin_hook_handler('permissions_check', 'all', 'elgg_override_permissions');