author | Gábor Hojtsy <gabor@hojtsy.hu> | 2008-01-01 17:46:30 +0000 |
---|---|---|
committer | Gábor Hojtsy <gabor@hojtsy.hu> | 2008-01-01 17:46:30 +0000 |
commit | 195fe364d26890f98c5a04510cf6906b7d85263d (patch) | |
tree | fd87d6204d680eed235509ec5bd33874862693ef | |
parent | 84c6d225e8f3579fe7f9e128cf7a21453dee66c0 (diff) | |
#203582 by David_Rothstein: some core hook_access() implementations are not using the passed in account
-rw-r--r-- | modules/forum/forum.module | 5 | ||||
-rw-r--r-- | modules/node/node.module | 5 | ||||
-rw-r--r-- | modules/poll/poll.module | 4 |
3 files changed, 4 insertions, 10 deletions
diff --git a/modules/forum/forum.module b/modules/forum/forum.module
index 8fc78fbf8..a9b817a09 100644
--- a/modules/forum/forum.module
+++ b/modules/forum/forum.module
@@ -310,10 +310,7 @@ function forum_access($op, $node, $account) {
 }
 if ($op == 'update' || $op == 'delete') {
- if (user_access('edit own forum topics', $account) && ($account->uid == $node->uid)) {
- return TRUE;
- }
- if (user_access('edit any forum topic')) {
+ if (user_access('edit any forum topic', $account) || (user_access('edit own forum topics', $account) && ($account->uid == $node->uid))) {
 return TRUE;
 }
 }
diff --git a/modules/node/node.module b/modules/node/node.module
index 85a49cfed..56d4b75be 100644
--- a/modules/node/node.module
+++ b/modules/node/node.module
@@ -2322,7 +2322,6 @@ function _node_access_rebuild_batch_finished($success, $results, $operations) {
 * Named so as not to conflict with node_access()
 */
 function node_content_access($op, $node, $account) {
- global $user;
 $type = is_string($node) ? $node : (is_array($node) ? $node['type'] : $node->type);
 if ($op == 'create') {
@@ -2330,13 +2329,13 @@ function node_content_access($op, $node, $account) {
 }
 if ($op == 'update') {
- if (user_access('edit any '. $type .' content', $account) || (user_access('edit own '. $type .' content', $account) && ($user->uid == $node->uid))) {
+ if (user_access('edit any '. $type .' content', $account) || (user_access('edit own '. $type .' content', $account) && ($account->uid == $node->uid))) {
 return TRUE;
 }
 }
 if ($op == 'delete') {
- if (user_access('delete any '. $type .' content') || (user_access('delete own '. $type .' content') && ($user->uid == $node->uid))) {
+ if (user_access('delete any '. $type .' content', $account) || (user_access('delete own '. $type .' content', $account) && ($account->uid == $node->uid))) {
 return TRUE;
 }
 }
diff --git a/modules/poll/poll.module b/modules/poll/poll.module
index 4d749a4f6..5150a209d 100644
--- a/modules/poll/poll.module
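Review bot: In forum_access() the new ownership test `$account->uid == $node->uid` also holds when both sides are the anonymous uid (0 by Drupal's convention, which this page does not show), so a site that grants 'edit own forum topics' to the anonymous role would let any anonymous visitor update or delete every anonymously authored topic. The same comparison appears in the update and delete branches of node_content_access() and in the 'update' case of poll_access(). Consider requiring a real account in the own-content branch, e.g. `(user_access('edit own forum topics', $account) && $account->uid && ($account->uid == $node->uid))`, or documenting the behaviour next to the permission. forum_access() begins before this hunk, so its earlier branches were not reviewed.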
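Review bot: The update and delete branches of node_content_access() now depend on `$account` being a loaded user object, but the docblock visible in the preceding hunk does not state this, and user_access() appears to treat a missing account as the current user (the removed lines called it without one). A caller passing NULL would then get permission checks against the current user but an ownership comparison against an empty uid. I would add `@param $account A fully loaded user object; must not be NULL.` to the docblock; whether node_access() always supplies one cannot be confirmed from this page. The function starts in the previous hunk and its 'create' branch is not shown.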
+++ b/modules/poll/poll.module
@@ -61,13 +61,11 @@ function poll_perm() {
 * Implementation of hook_access().
 */
 function poll_access($op, $node, $account) {
- global $user;
-
 switch ($op) {
 case 'create':
 return user_access('create poll content', $account);
 case 'update':
- return user_access('edit any poll content') || (user_access('edit own poll content') && ($node->uid == $user->uid));
+ return user_access('edit any poll content', $account) || (user_access('edit own poll content', $account) && ($node->uid == $account->uid));
 }
 } |
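Review bot: poll_access() handles only 'create' and 'update', so for 'delete' and any other operation the switch falls through and the function returns NULL with no explanation. If that is deliberate, so that deletion is decided by node_access()'s default handling rather than by a poll permission, a comment before the switch's closing brace would make the intent reviewable: `// Other operations (e.g. 'delete') return NULL on purpose; node_access() decides.` If it is an omission, a 'delete' case that passes `$account` should be added in the same style as 'update'. How node_access() treats a NULL result is not visible on this page.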