Bug #27303
closed
t3lib_BEfunc::blindUserNames might use wrong group list collection
0%
Description
The mentioned method used to blind usernames that are not in a set of defined groups uses a wrong group collection.
The check is performed on the be_users field "usergroup_cached_list", this is fine for the current logged in user, however for any other user this might lead to wrong results. The reason is, that "usergroup_cached_list" is written when a user is logged in (see t3lib_userAuthGroup::fetchGroupData()).
Thus, if the groups of a user have been modified, the "usergroup_cached_list" will stay unmodified until the next login of the accordant user.
Updated by Alexander Opitz over 10 years ago
- Status changed from New to Needs Feedback
- Is Regression set to No
Hi,
as this issue is very old. Does the problem still exists within newer versions of TYPO3 CMS (6.2.4)?
Updated by Alexander Opitz almost 10 years ago
- Status changed from Needs Feedback to Closed
No feedback within the last 90 days => closing this issue.
If you think that this is the wrong decision or experience this issue again, then please write to the mailing list typo3.teams.bugs with issue number and an explanation or open a new ticket and add a relation to this ticket number.
Updated by Christian Kuhn over 4 years ago
- Is duplicate of Bug #79565: Workspaces, cached usergroup is used for notification email added