# HG changeset patch # User Dan # Date 1260217307 18000 # Node ID a1770361ef88c398940b31ae9aba9b29123c715e # Parent 87cd48776632e9ac4afb8e8c9deb8d17eac5ebdf Sessions: Made acl_check_deps() verify scope, so that all of an action's dependencies must apply to the namespace of the given action. diff -r 87cd48776632 -r a1770361ef88 includes/sessions.php --- a/includes/sessions.php Mon Dec 07 15:12:55 2009 -0500 +++ b/includes/sessions.php Mon Dec 07 15:21:47 2009 -0500 @@ -3353,6 +3353,8 @@ function acl_check_deps($type, $debug = false) { + global $paths; + // This will only happen if the permissions table is hacked or improperly accessed if(!isset($this->acl_deps[$type])) return true; @@ -3367,6 +3369,12 @@ for ( $i = 0; $i < $j; $i++ ) { $b = $deps; + if ( !$this->check_acl_scope($deps[$i], $paths->namespace) ) + { + // Action $type depends on action $deps[$i] which cannot be satisfied because $deps[$i] is out of scope. + trigger_error("acl_check_deps: $type depends on {$deps[$i]} which is not within scope of $paths->namespace; this indicats a bug in ACL rule specification", E_USER_WARNING); + return false; + } $deps = array_merge($deps, $this->acl_deps[$deps[$i]]); if( $b == $deps ) { @@ -4524,6 +4532,12 @@ for ( $i = 0; $i < $j; $i++ ) { $b = $deps; + if ( !isset($this->acl_deps[$deps[$i]]) ) + { + // Action $type depends on action $deps[$i] which cannot be satisfied because $deps[$i] is out of scope. + trigger_error("acl_check_deps: $type depends on {$deps[$i]} which is not within scope of $this->namespace; this indicats a bug in ACL rule specification", E_USER_WARNING); + return false; + } $deps = array_merge($deps, $this->acl_deps[$deps[$i]]); if( $b == $deps ) {
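Review bot: The `global $paths;` added at the top of the first acl_check_deps() (hunk at 3353) makes an access-control decision depend on request-global state that the signature does not show. The function's docblock is outside the hunk; it should carry a line such as `Scope is evaluated against $paths->namespace, not a namespace supplied by the caller.` If permissions are ever checked for a page other than the one `$paths` describes, the dependency check would presumably be evaluated against the wrong namespace. An optional namespace argument defaulting to `$paths->namespace` would remove that coupling without breaking callers.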
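Review bot: The guard added in the first loop (hunk at 3367) tests scope but not whether `$deps[$i]` has an entry in `$this->acl_deps`, so the `array_merge()` on the following line can still index a missing key, unless check_acl_scope() itself rejects unknown actions, which is not visible here. The second copy of this loop (hunk at 4524) adds an `isset()` test, and the same test belongs here: `if ( !isset($this->acl_deps[$deps[$i]]) || !$this->check_acl_scope($deps[$i], $paths->namespace) )`. Returning false denies the action, which is the safe default, but `trigger_error(..., E_USER_WARNING)` fires on every such check and prints action names and the namespace into the page when display_errors is on, so it is better sent to the error log only. The warning text has a typo, `indicats` for `indicates`, repeated in the later hunk. The loop and the function continue outside the hunk.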
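Review bot: The check added in the second copy of the loop (hunk at 4524) is `!isset($this->acl_deps[$deps[$i]])`, which tests whether the dependency has an entry in the dependency table, while the comment and the warning both say it is out of scope of `$this->namespace`. No test against `$this->namespace` is visible in this hunk. Either this copy does not enforce what the commit message describes, or `acl_deps` is already limited to the namespace elsewhere. If the latter, the comment should say so, e.g. `// acl_deps only holds actions valid in $this->namespace, so a missing entry means the dependency is out of scope.` If not, the guard needs an explicit scope test beside the `isset()`, as the first copy does with check_acl_scope(); the enclosing function starts and ends outside the hunk.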