Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-11358

/content/action module override post variables when merging with session LastPostVars

    XMLWordPrintable

Details

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Medium Medium
    • 3.10.0
    • 3.9.2, 3.9.3
    • Content (images, XML, PDF, RSS, etc.)
    • None

    • Operating System:
      PHP Version: 4.4.4
      Database and version:
      Browser (and version):

    Description

      module content/action.php at line 67, override any post variables whose key matches LastPostVars session variable

      // Merge post variables and variables that were used before login
if ( $http->hasSessionVariable( 'LastPostVars' ) )
{
    $post =& $http->attribute( 'post' );
    $post = array_merge( $post, $http->sessionVariable( 'LastPostVars' ) );
    unset( $post );
    $http->removeSessionVariable( 'LastPostVars' );
}

      changing the order of variables at array_merge function call , worked around the problem:
      the code below seems to work ok

      // Merge post variables and variables that were used before login
if ( $http->hasSessionVariable( 'LastPostVars' ) )
{
    $post =& $http->attribute( 'post' );
    $post = array_merge( $http->sessionVariable( 'LastPostVars' ),  $post  );
    unset( $post );
    $http->removeSessionVariable( 'LastPostVars' );
}
      Steps to reproduce

      Open your site as anonymous ( use a public siteaccess ), then try to create a content from there whose permissions require you to login before , after getting the ezpublish error because of lack of permissions, do login and try again

      Attachments

        Activity

          People

            rl rl
            296c3a1b-a3f2-4e40-ac73-d40bbf959771@accounts.ibexa.co Lazaro Ferreira
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: