diff options
author | Steve Clay <steve@mrclay.org> | 2012-10-03 12:42:28 -0400 |
---|---|---|
committer | Steve Clay <steve@mrclay.org> | 2012-10-03 12:42:28 -0400 |
commit | 5c069bbca76fb8519548b2c8df2b9b6f3b3885b0 (patch) | |
tree | 6684e4ebbebe196e48646d444a1e56e09d4b32f1 /engine/lib | |
parent | 766fe8ebbcc600982dddce4d93b15b65a7b8c1fb (diff) | |
download | elgg-5c069bbca76fb8519548b2c8df2b9b6f3b3885b0.tar.gz elgg-5c069bbca76fb8519548b2c8df2b9b6f3b3885b0.tar.bz2 |
Fixes #3018: Checks DB for access before using memcache-stored entity (suggested by Jerôme Bakker)
Diffstat (limited to 'engine/lib')
-rw-r--r-- | engine/lib/entities.php | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/engine/lib/entities.php b/engine/lib/entities.php index 3896cd58f..7122974dd 100644 --- a/engine/lib/entities.php +++ b/engine/lib/entities.php @@ -698,7 +698,7 @@ function get_entity($guid) { // but that evaluates to a false positive for $guid = TRUE. // This is a bit slower, but more thorough. if (!is_numeric($guid) || $guid === 0 || $guid === '0') { - return FALSE; + return false; } // Check local cache first @@ -715,14 +715,23 @@ function get_entity($guid) { $shared_cache = false; } } + + // until ACLs in memcache, DB query is required to determine access + $entity_row = get_entity_as_row($guid); + if (!$entity_row) { + return false; + } + if ($shared_cache) { - $new_entity = $shared_cache->load($guid); - if ($new_entity) { - return $new_entity; + $cached_entity = $shared_cache->load($guid); + // @todo store ACLs in memcache http://trac.elgg.org/ticket/3018#comment:3 + if ($cached_entity) { + // @todo use ACL and cached entity access_id to determine if user can see it + return $cached_entity; } } - $new_entity = entity_row_to_elggstar(get_entity_as_row($guid)); + $new_entity = entity_row_to_elggstar($entity_row); if ($new_entity) { cache_entity($new_entity); } |