Bug #27303

t3lib_BEfunc::blindUserNames might use wrong group list collection

Added by Oliver Hader over 8 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2011-06-08
Due date:
% Done:

0%

TYPO3 Version:
4.6
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

The mentioned method used to blind usernames that are not in a set of defined groups uses a wrong group collection.
The check is performed on the be_users field "usergroup_cached_list", this is fine for the current logged in user, however for any other user this might lead to wrong results. The reason is, that "usergroup_cached_list" is written when a user is logged in (see t3lib_userAuthGroup::fetchGroupData()).

Thus, if the groups of a user have been modified, the "usergroup_cached_list" will stay unmodified until the next login of the accordant user.


Related issues

Related to TYPO3 Core - Bug #15250: t3lib_BEfunc::blindUserNames() does not work sometimes Closed 2005-11-30

History

#1 Updated by Alexander Opitz over 5 years ago

  • Status changed from New to Needs Feedback
  • Is Regression set to No

Hi,

as this issue is very old. Does the problem still exists within newer versions of TYPO3 CMS (6.2.4)?

#2 Updated by Alexander Opitz about 5 years ago

  • Status changed from Needs Feedback to Closed

No feedback within the last 90 days => closing this issue.

If you think that this is the wrong decision or experience this issue again, then please write to the mailing list typo3.teams.bugs with issue number and an explanation or open a new ticket and add a relation to this ticket number.

Also available in: Atom PDF