Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 0.16.14

Bug #571 LiveUser::checkRight may succeed when not logged in
Submitted: 2004-01-13 19:29 UTC
From: jmikola at burgiss dot com Assigned: lsmith
Status: Closed Package: LiveUser
PHP Version: Irrelevant OS: ANY
Roadmaps: (Not assigned)    
Subscription  


 [2004-01-13 19:29 UTC] jmikola at burgiss dot com
Description: ------------ this method, although understandably a wrapper for the perm container, does not affirm that the user is still logged in and/or $_auth is not null before proceeding to check the rights of the user. the logout() function only bothers to set $_auth to null when cleaning up. given that, it seems possible that the LoginManager could logout a user, but still check rights on him... which doesn't seem reasonable since, for all intents and purposes, logging out effectly shuts down most of the rest of the LoginManager... and if there's no user logged in anymore, there should no longer be an association with the old user's perm container (which was initialized with his user id).

Comments

 [2004-01-26 10:42 UTC] lsmith
I think logout should simply also set $this->_perm = null;
 [2004-02-03 22:45 UTC] lsmith
This bug has been fixed in CVS. In case this was a documentation problem, the fix will show up at the end of next Sunday (CET) on pear.php.net. In case this was a pear.php.net website problem, the change will show up on the website in short time. Thank you for the report, and for helping us make PEAR better.