From b46d3d3699529b49e147843437148baac6657f39 Mon Sep 17 00:00:00 2001
From: Brett Profitt <brett.profitt@gmail.com>
Date: Mon, 17 Dec 2012 12:20:57 -0500
Subject: Fixes #4720. Disabling access while finding / fetching page owners so
 group gatekeepers work.

---
 engine/lib/pageowner.php | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

(limited to 'engine')

diff --git a/engine/lib/pageowner.php b/engine/lib/pageowner.php
index 0cf0e0625..94765feee 100644
--- a/engine/lib/pageowner.php
+++ b/engine/lib/pageowner.php
@@ -37,6 +37,8 @@ function elgg_get_page_owner_guid($guid = 0) {
 /**
  * Gets the owner entity for the current page.
  *
+ * @note Access is disabled when getting the page owner entity.
+ *
  * @return ElggEntity|false The current page owner or false if none.
  *
  * @since 1.8.0
@@ -44,10 +46,14 @@ function elgg_get_page_owner_guid($guid = 0) {
 function elgg_get_page_owner_entity() {
 	$guid = elgg_get_page_owner_guid();
 	if ($guid > 0) {
-		return get_entity($guid);
+		$ia = elgg_set_ignore_access(true);
+		$owner = get_entity($guid);
+		elgg_set_ignore_access($ia);
+
+		return $owner;
 	}
 
-	return FALSE;
+	return false;
 }
 
 /**
@@ -75,6 +81,8 @@ function elgg_set_page_owner_guid($guid) {
  *   <handler>/edit/<entity guid>
  *   <handler>/group/<group guid>
  *
+ * @note Access is disabled while finding the page owner for the group gatekeeper functions.
+ *
  *
  * @param string $hook        'page_owner'
  * @param string $entity_type 'system'
@@ -90,6 +98,8 @@ function default_page_owner_handler($hook, $entity_type, $returnvalue, $params)
 		return $returnvalue;
 	}
 
+	$ia = elgg_set_ignore_access(true);
+
 	$username = get_input("username");
 	if ($username) {
 		// @todo using a username of group:<guid> is deprecated
@@ -97,6 +107,7 @@ function default_page_owner_handler($hook, $entity_type, $returnvalue, $params)
 			preg_match('/group\:([0-9]+)/i', $username, $matches);
 			$guid = $matches[1];
 			if ($entity = get_entity($guid)) {
+				elgg_set_ignore_access($ia);
 				return $entity->getGUID();
 			}
 		}
@@ -109,6 +120,7 @@ function default_page_owner_handler($hook, $entity_type, $returnvalue, $params)
 	$owner = get_input("owner_guid");
 	if ($owner) {
 		if ($user = get_entity($owner)) {
+			elgg_set_ignore_access($ia);
 			return $user->getGUID();
 		}
 	}
@@ -130,6 +142,7 @@ function default_page_owner_handler($hook, $entity_type, $returnvalue, $params)
 				case 'friends':
 					$user = get_user_by_username($segments[2]);
 					if ($user) {
+						elgg_set_ignore_access($ia);
 						return $user->getGUID();
 					}
 					break;
@@ -137,6 +150,7 @@ function default_page_owner_handler($hook, $entity_type, $returnvalue, $params)
 				case 'edit':
 					$entity = get_entity($segments[2]);
 					if ($entity) {
+						elgg_set_ignore_access($ia);
 						return $entity->getContainerGUID();
 					}
 					break;
@@ -144,6 +158,7 @@ function default_page_owner_handler($hook, $entity_type, $returnvalue, $params)
 				case 'group':
 					$entity = get_entity($segments[2]);
 					if ($entity) {
+						elgg_set_ignore_access($ia);
 						return $entity->getGUID();
 					}
 					break;
@@ -151,7 +166,7 @@ function default_page_owner_handler($hook, $entity_type, $returnvalue, $params)
 		}
 	}
 
-	return $returnvalue;
+	elgg_set_ignore_access($ia);
 }
 
 /**
-- 
cgit v1.2.3