From 090b90227b42473c065722a0b3d4b51af6b195b0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=A1bor=20Hojtsy?= <gabor@hojtsy.hu>
Date: Thu, 20 Dec 2007 08:20:58 +0000
Subject: #199780 by Pancho and chx: fix problem in access rules check
 introduced in #174025

---
 includes/bootstrap.inc | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

(limited to 'includes')

diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 772eb5621..ad750be6d 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -824,13 +824,10 @@ function drupal_is_denied($type, $mask) {
   // Because this function is called for every page request, both cached
   // and non-cached pages, we tried to optimize it as much as possible.
   // We deny access if the only matching records in the {access} table have
-  // status 0. If any have status 1, or if there are no matching records,
-  // we allow access.
-  // We only select for records with status 0. If we have some of
-  // these, we return 1 (denied). If no matching records or only ones
-  // with status = 1, we get no return from db_result, so we return
-  // (bool)NULL = 0 (allowed).
-  return (bool) db_result(db_query_range("SELECT 1 FROM {access} WHERE type = '%s' AND LOWER('%s') LIKE LOWER(mask) AND status = 0", $type, $mask, 0, 1));
+  // status 0 (deny). If any have status 1 (allow), or if there are no
+  // matching records, we allow access.
+  $sql = "SELECT 1 FROM {access} WHERE type = '%s' AND LOWER('%s') LIKE LOWER(mask) AND status = %d";
+  return db_result(db_query_range($sql, $type, $mask, 0, 0, 1)) && !db_result(db_query_range($sql, $type, $mask, 1, 0, 1));
 }
 
 /**
-- 
cgit v1.2.3