Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 0.16.14

Bug #569 LiveUser::unfreeze lax success condition
Submitted: 2004-01-13 19:23 UTC
From: jmikola at burgiss dot com Assigned: lsmith
Status: Closed Package: LiveUser
PHP Version: Irrelevant OS: ANY
Roadmaps: (Not assigned)    

 [2004-01-13 19:23 UTC] jmikola at burgiss dot com
Description: ------------ i believe the success condition for this function is quite lax. it's possible that the 'auth' session variable may be set, perhaps to an integer where an array is expected, and qualify for success. also, success is in no way determined by the 'perm' session variable. in the style of other methods, such as the get-containers, success doesn't have to depend on whether the containers instantiate correctly, but it should validate the data passed for that istantiation. so, consider the following checks for a failure case: 1. is 'auth' session variable an array 2. is 'auth_name' session variable set and a valid name (non-empty perhaps) 3. is 'perm' session variable an array arnaud lightly addressed this issue in the mailing list, and pointed out that the auth/perm objects would not be arrays; however, i was referring to the frozen session variables, which are arrays. i think the success of unfreezing should concern itself with the validity of those frozen arrays that it uses to construct the objects.


 [2004-01-26 10:40 UTC] lsmith
I agree that we could add a few more sanity checks