Details
-
Bug
-
Resolution: Fixed
-
Medium
-
3.9.2, 3.9.3
-
None
-
Operating System:
PHP Version: 4.4.4
Database and version:
Browser (and version):
Description
module content/action.php at line 67, override any post variables whose key matches LastPostVars session variable
// Merge post variables and variables that were used before login if ( $http->hasSessionVariable( 'LastPostVars' ) ) { $post =& $http->attribute( 'post' ); $post = array_merge( $post, $http->sessionVariable( 'LastPostVars' ) ); unset( $post ); $http->removeSessionVariable( 'LastPostVars' ); }
changing the order of variables at array_merge function call , worked around the problem:
the code below seems to work ok
// Merge post variables and variables that were used before login if ( $http->hasSessionVariable( 'LastPostVars' ) ) { $post =& $http->attribute( 'post' ); $post = array_merge( $http->sessionVariable( 'LastPostVars' ), $post ); unset( $post ); $http->removeSessionVariable( 'LastPostVars' ); }
Steps to reproduce
Open your site as anonymous ( use a public siteaccess ), then try to create a content from there whose permissions require you to login before , after getting the ezpublish error because of lack of permissions, do login and try again