From 5c069bbca76fb8519548b2c8df2b9b6f3b3885b0 Mon Sep 17 00:00:00 2001
From: Steve Clay <steve@mrclay.org>
Date: Wed, 3 Oct 2012 12:42:28 -0400
Subject: Fixes #3018: Checks DB for access before using memcache-stored entity
 (suggested by Jerôme Bakker)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 engine/lib/entities.php | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 3896cd58f..7122974dd 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -698,7 +698,7 @@ function get_entity($guid) {
 	// but that evaluates to a false positive for $guid = TRUE.
 	// This is a bit slower, but more thorough.
 	if (!is_numeric($guid) || $guid === 0 || $guid === '0') {
-		return FALSE;
+		return false;
 	}
 	
 	// Check local cache first
@@ -715,14 +715,23 @@ function get_entity($guid) {
 			$shared_cache = false;
 		}
 	}
+
+	// until ACLs in memcache, DB query is required to determine access
+	$entity_row = get_entity_as_row($guid);
+	if (!$entity_row) {
+		return false;
+	}
+
 	if ($shared_cache) {
-		$new_entity = $shared_cache->load($guid);
-		if ($new_entity) {
-			return $new_entity;
+		$cached_entity = $shared_cache->load($guid);
+		// @todo store ACLs in memcache http://trac.elgg.org/ticket/3018#comment:3
+		if ($cached_entity) {
+			// @todo use ACL and cached entity access_id to determine if user can see it
+			return $cached_entity;
 		}
 	}
 
-	$new_entity = entity_row_to_elggstar(get_entity_as_row($guid));
+	$new_entity = entity_row_to_elggstar($entity_row);
 	if ($new_entity) {
 		cache_entity($new_entity);
 	}
-- 
cgit v1.2.3