From 00ce12dafb81a8d0cb1385660ddf4e8ad571ed19 Mon Sep 17 00:00:00 2001
From: Chris Smith
Date: Sun, 5 Aug 2007 22:33:12 +0200
Subject: Protect auth_ismanager() from auth modules that don't always provide group data in array (FS#1196)

darcs-hash:20070805203312-d26fc-cab8dbfff8a2d5f7299fa4462771bafc00135728.gz
---
 inc/auth.php | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

(limited to 'inc/auth.php')

diff --git a/inc/auth.php b/inc/auth.php
index 364346930..79e5513e4 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -277,17 +277,22 @@ function auth_ismanager($user=null,$groups=null,$adminonly=false){
 if(auth_nameencode($conf['manager']) == $user) return true;
 }
 
- //prepend groups with @ and nameencode
- $cnt = count($groups);
- for($i=0; $i<$cnt; $i++){
- $groups[$i] = '@'.auth_nameencode($groups[$i]);
- }
+ // check user's groups against superuser and manager
+ if (!empty($groups)) {
 
- // check groups against superuser and manager
- if(in_array(auth_nameencode($conf['superuser'],true), $groups)) return true;
- if(!$adminonly){
- if(in_array(auth_nameencode($conf['manager'],true), $groups)) return true;
+ //prepend groups with @ and nameencode
+ $cnt = count($groups);
+ for($i=0; $i<$cnt; $i++){
+ $groups[$i] = '@'.auth_nameencode($groups[$i]);
+ }
+
+ // check groups against superuser and manager
+ if(in_array(auth_nameencode($conf['superuser'],true), $groups)) return true;
+ if(!$adminonly){
+ if(in_array(auth_nameencode($conf['manager'],true), $groups)) return true;
+ }
 }
+
 return false;
 }
 
-- 
cgit v1.2.3
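Review bot: The added `if (!empty($groups))` guard only screens out null and empty values; a non-empty scalar (for example a single group name handed back as a string) still reaches `count($groups)`, the indexed write `$groups[$i] = ...` and `in_array()`, none of which behave sensibly on a string. Because this function decides superuser/manager rights, the guard should fail closed on anything that is not an array, e.g. `if (is_array($groups) && !empty($groups)) {`. The `for` loop inside the guard also assumes keys 0..n-1, so a sparse or string-keyed group array would leave real group names unencoded and add stray `'@'` entries; iterating with `foreach ($groups as $k => $g) { $groups[$k] = '@'.auth_nameencode($g); }` avoids that. The function begins above the hunk, so how `$groups` is defaulted when it is passed as null is not visible here.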