diff options
| author | Gábor Hojtsy <gabor@hojtsy.hu> | 2007-12-20 08:20:58 +0000 |
|---|---|---|
| committer | Gábor Hojtsy <gabor@hojtsy.hu> | 2007-12-20 08:20:58 +0000 |
| commit | 090b90227b42473c065722a0b3d4b51af6b195b0 (patch) | |
| tree | f8d08a5cd3bb60abbdb96e1d24b6c077978b7932 /includes | |
| parent | 310765bccbafe72140b68851e155d32f82e5efce (diff) | |
| download | brdo-090b90227b42473c065722a0b3d4b51af6b195b0.tar.gz brdo-090b90227b42473c065722a0b3d4b51af6b195b0.tar.bz2 | |
#199780 by Pancho and chx: fix problem in access rules check introduced in #174025
Diffstat (limited to 'includes')
| -rw-r--r-- | includes/bootstrap.inc | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc index 772eb5621..ad750be6d 100644 --- a/includes/bootstrap.inc +++ b/includes/bootstrap.inc @@ -824,13 +824,10 @@ function drupal_is_denied($type, $mask) { // Because this function is called for every page request, both cached // and non-cached pages, we tried to optimize it as much as possible. // We deny access if the only matching records in the {access} table have - // status 0. If any have status 1, or if there are no matching records, - // we allow access. - // We only select for records with status 0. If we have some of - // these, we return 1 (denied). If no matching records or only ones - // with status = 1, we get no return from db_result, so we return - // (bool)NULL = 0 (allowed). - return (bool) db_result(db_query_range("SELECT 1 FROM {access} WHERE type = '%s' AND LOWER('%s') LIKE LOWER(mask) AND status = 0", $type, $mask, 0, 1)); + // status 0 (deny). If any have status 1 (allow), or if there are no + // matching records, we allow access. + $sql = "SELECT 1 FROM {access} WHERE type = '%s' AND LOWER('%s') LIKE LOWER(mask) AND status = %d"; + return db_result(db_query_range($sql, $type, $mask, 0, 0, 1)) && !db_result(db_query_range($sql, $type, $mask, 1, 0, 1)); } /** |