aboutsummaryrefslogtreecommitdiff
path: root/engine
diff options
context:
space:
mode:
authorSteve Clay <steve@mrclay.org>2012-10-03 12:42:28 -0400
committerSteve Clay <steve@mrclay.org>2012-10-03 12:42:28 -0400
commit5c069bbca76fb8519548b2c8df2b9b6f3b3885b0 (patch)
tree6684e4ebbebe196e48646d444a1e56e09d4b32f1 /engine
parent766fe8ebbcc600982dddce4d93b15b65a7b8c1fb (diff)
downloadelgg-5c069bbca76fb8519548b2c8df2b9b6f3b3885b0.tar.gz
elgg-5c069bbca76fb8519548b2c8df2b9b6f3b3885b0.tar.bz2
Fixes #3018: Checks DB for access before using memcache-stored entity (suggested by Jerôme Bakker)
Diffstat (limited to 'engine')
-rw-r--r--engine/lib/entities.php19
1 files changed, 14 insertions, 5 deletions
diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 3896cd58f..7122974dd 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -698,7 +698,7 @@ function get_entity($guid) {
// but that evaluates to a false positive for $guid = TRUE.
// This is a bit slower, but more thorough.
if (!is_numeric($guid) || $guid === 0 || $guid === '0') {
- return FALSE;
+ return false;
}
// Check local cache first
@@ -715,14 +715,23 @@ function get_entity($guid) {
$shared_cache = false;
}
}
+
+ // until ACLs in memcache, DB query is required to determine access
+ $entity_row = get_entity_as_row($guid);
+ if (!$entity_row) {
+ return false;
+ }
+
if ($shared_cache) {
- $new_entity = $shared_cache->load($guid);
- if ($new_entity) {
- return $new_entity;
+ $cached_entity = $shared_cache->load($guid);
+ // @todo store ACLs in memcache http://trac.elgg.org/ticket/3018#comment:3
+ if ($cached_entity) {
+ // @todo use ACL and cached entity access_id to determine if user can see it
+ return $cached_entity;
}
}
- $new_entity = entity_row_to_elggstar(get_entity_as_row($guid));
+ $new_entity = entity_row_to_elggstar($entity_row);
if ($new_entity) {
cache_entity($new_entity);
}