[Tickets #4133] NEW: Fault in group backend produces open group membership
bugs@bugs.horde.org
bugs at bugs.horde.org
Fri Jul 7 21:58:53 PDT 2006
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: https://dev.horde.org/horde/whups/ticket/?id=4133
-----------------------------------------------------------------------
Ticket | 4133
Created By | Ben Klang <ben at alkaloid.net>
Summary | Fault in group backend produces open group membership
Queue | Horde Framework Packages
Version | HEAD
State | Unconfirmed
Priority | 3. High
Type | Bug
Owners |
+New Attachment | group-safe-return-on-error.patch
-----------------------------------------------------------------------
Ben Klang <ben at alkaloid.net> (2006-07-07 21:58) wrote:
If the group storage backend faults and throws a PEAR::Error it gets passed
back up the stack. The problem is that many callers take this non-false
return for true. This allows users access to groups (and potentially
access to "secure" areas) they otherwise wouldn't.
This patch logs the error and returns false.
More information about the bugs
mailing list