diff options
| author | Chris Smith <chris@jalakai.co.uk> | 2007-08-05 22:33:12 +0200 |
|---|---|---|
| committer | Chris Smith <chris@jalakai.co.uk> | 2007-08-05 22:33:12 +0200 |
| commit | 00ce12dafb81a8d0cb1385660ddf4e8ad571ed19 (patch) | |
| tree | 37b524e615153c6c1f0ba6ac2095e2e75d263046 /inc/auth.php | |
| parent | 7b407d6d7dc5e3ae4c2f5f482869a64129be722c (diff) | |
| download | rpg-00ce12dafb81a8d0cb1385660ddf4e8ad571ed19.tar.gz rpg-00ce12dafb81a8d0cb1385660ddf4e8ad571ed19.tar.bz2 | |
Protect auth_ismanager() from auth modules that don't always provide group data in array (FS#1196)
darcs-hash:20070805203312-d26fc-cab8dbfff8a2d5f7299fa4462771bafc00135728.gz
Diffstat (limited to 'inc/auth.php')
| -rw-r--r-- | inc/auth.php | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/inc/auth.php b/inc/auth.php index 364346930..79e5513e4 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -277,17 +277,22 @@ function auth_ismanager($user=null,$groups=null,$adminonly=false){ if(auth_nameencode($conf['manager']) == $user) return true; } - //prepend groups with @ and nameencode - $cnt = count($groups); - for($i=0; $i<$cnt; $i++){ - $groups[$i] = '@'.auth_nameencode($groups[$i]); - } + // check user's groups against superuser and manager + if (!empty($groups)) { - // check groups against superuser and manager - if(in_array(auth_nameencode($conf['superuser'],true), $groups)) return true; - if(!$adminonly){ - if(in_array(auth_nameencode($conf['manager'],true), $groups)) return true; + //prepend groups with @ and nameencode + $cnt = count($groups); + for($i=0; $i<$cnt; $i++){ + $groups[$i] = '@'.auth_nameencode($groups[$i]); + } + + // check groups against superuser and manager + if(in_array(auth_nameencode($conf['superuser'],true), $groups)) return true; + if(!$adminonly){ + if(in_array(auth_nameencode($conf['manager'],true), $groups)) return true; + } } + return false; } |