Bug #27303

t3lib_BEfunc::blindUserNames might use wrong group list collection

Added by Oliver Hader over 10 years ago. Updated about 7 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2011-06-08
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.6
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

The mentioned method used to blind usernames that are not in a set of defined groups uses a wrong group collection.
The check is performed on the be_users field "usergroup_cached_list", this is fine for the current logged in user, however for any other user this might lead to wrong results. The reason is, that "usergroup_cached_list" is written when a user is logged in (see t3lib_userAuthGroup::fetchGroupData()).

Thus, if the groups of a user have been modified, the "usergroup_cached_list" will stay unmodified until the next login of the accordant user.


Related issues

Related to TYPO3 Core - Bug #15250: t3lib_BEfunc::blindUserNames() does not work sometimesClosed2005-11-30

Actions
Is duplicate of TYPO3 Core - Bug #79565: Workspaces, cached usergroup is used for notification emailClosed2017-01-31

Actions

Also available in: Atom PDF