From 5c069bbca76fb8519548b2c8df2b9b6f3b3885b0 Mon Sep 17 00:00:00 2001 From: Steve Clay Date: Wed, 3 Oct 2012 12:42:28 -0400 Subject: Fixes #3018: Checks DB for access before using memcache-stored entity (suggested by Jerôme Bakker) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- engine/lib/entities.php | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) (limited to 'engine') diff --git a/engine/lib/entities.php b/engine/lib/entities.php index 3896cd58f..7122974dd 100644 --- a/engine/lib/entities.php +++ b/engine/lib/entities.php @@ -698,7 +698,7 @@ function get_entity($guid) { // but that evaluates to a false positive for $guid = TRUE. // This is a bit slower, but more thorough. if (!is_numeric($guid) || $guid === 0 || $guid === '0') { - return FALSE; + return false; } // Check local cache first @@ -715,14 +715,23 @@ function get_entity($guid) { $shared_cache = false; } } + + // until ACLs in memcache, DB query is required to determine access + $entity_row = get_entity_as_row($guid); + if (!$entity_row) { + return false; + } + if ($shared_cache) { - $new_entity = $shared_cache->load($guid); - if ($new_entity) { - return $new_entity; + $cached_entity = $shared_cache->load($guid); + // @todo store ACLs in memcache http://trac.elgg.org/ticket/3018#comment:3 + if ($cached_entity) { + // @todo use ACL and cached entity access_id to determine if user can see it + return $cached_entity; } } - $new_entity = entity_row_to_elggstar(get_entity_as_row($guid)); + $new_entity = entity_row_to_elggstar($entity_row); if ($new_entity) { cache_entity($new_entity); } -- cgit v1.2.3