From 6dafbe06733f6cee4a52b169f5e4cf07d9d11c72 Mon Sep 17 00:00:00 2001
From: Steve Clay <steve@mrclay.org>
Date: Tue, 29 May 2012 08:24:49 -0400
Subject: small fixes

---
 engine/lib/entities.php | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

(limited to 'engine/lib')

diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 05916ddf4..20921b41a 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -30,7 +30,7 @@ $SUBTYPE_CACHE = NULL;
  *
  * @param int $guid The entity guid
  *
- * @return void
+ * @return null
  * @access private
  */
 function invalidate_cache_for_entity($guid) {
@@ -48,7 +48,7 @@ function invalidate_cache_for_entity($guid) {
  *
  * @param ElggEntity $entity Entity to cache
  *
- * @return void
+ * @return null
  * @see retrieve_cached_entity()
  * @see invalidate_cache_for_entity()
  * @access private
@@ -56,7 +56,13 @@ function invalidate_cache_for_entity($guid) {
  */
 function cache_entity(ElggEntity $entity) {
 	global $ENTITY_CACHE;
-	
+
+	// Don't cache entities while access control is off, otherwise they could be
+	// exposed to users who shouldn't see them when control is re-enabled.
+	if (elgg_get_ignore_access()) {
+		return;
+	}
+
 	// Don't store too many or we'll have memory problems
 	// TODO(evan): Pick a less arbitrary limit
 	if (count($ENTITY_CACHE) > 256) {
@@ -703,7 +709,9 @@ function get_entity($guid) {
 	}
 
 	$new_entity = entity_row_to_elggstar(get_entity_as_row($guid));
-	cache_entity($new_entity);
+	if ($new_entity) {
+		cache_entity($new_entity);
+	}
 	return $new_entity;
 }
 
@@ -1425,6 +1433,7 @@ function disable_entity($guid, $reason = "", $recursive = true) {
 
 				$entity->disableMetadata();
 				$entity->disableAnnotations();
+				invalidate_cache_for_entity($guid);
 
 				$res = update_data("UPDATE {$CONFIG->dbprefix}entities
 					SET enabled = 'no'
-- 
cgit v1.2.3