Fix duplicate creation of acl options in acl_add_options() under certain conditions. (Bug #38385, #40225)

Add unique key to ACL options table to prevent duplicate permission options. (Bug #41835) git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9400 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-03-01 14:32:54 +01:00 · 2009-03-20 13:22:19 +00:00 · 2009-03-20 13:22:19 +00:00 · 0f162568f2
commit 0f162568f2
parent 06c4fbf81f
11 changed files with 343 additions and 260 deletions
--- a/phpBB/develop/create_schema_files.php
+++ b/phpBB/develop/create_schema_files.php
@ -855,7 +855,7 @@ function get_schema_struct()
 		),
 		'PRIMARY_KEY'	=> 'auth_option_id',
 		'KEYS'			=> array(
-			'auth_option'		=> array('INDEX', 'auth_option'),
+			'auth_option'		=> array('UNIQUE', 'auth_option'),
 		),
 	);

--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@ -126,6 +126,7 @@
 		<li>[Fix] Use FQDN for SMTP EHLO/HELO command. (Bug #41025)</li>
 		<li>[Fix] Mass Email works again for users with empty jabber address but notification set to 'both'. (Bug #39755)</li>
 		<li>[Fix] Fix race condition for updating post/topic/etc. counter. (reported by BartVB)</li>
+		<li>[Fix] Fix duplicate creation of acl options in acl_add_options() under certain conditions. (Bug #38385, #40225)</li>
 		<li>[Change] Allow download of conflicting file for later reference in automatic updater</li>
 		<li>[Change] Default difference view is now 'inline' instead of 'side by side'</li>
 		<li>[Change] Added new option for merging differences to conflicting files in automatic updater</li>
@ -133,6 +134,7 @@
 		<li>[Change] Add link to user profile in the MCP for user notes and warn user.</li>
 		<li>[Change] Add IN_PHPBB check to generated cache files. (reported by bantu)</li>
 		<li>[Change] Add topic icons to prosilver UCP main and subscribed templates (Bug #42735 - Patch by Raimon)</li>
+		<li>[Change] Add unique key to ACL options table to prevent duplicate permission options. (Bug #41835)</li>
 		<li>[Feature] Allow translation of custom BBCode help messages. (Patch by bantu)</li>
 		<li>[Feature] db_tools now support create table and drop table.</li>
 		<li>[Feature] Database updater checks for incompatible db schema (MySQL 3.x/4.x against MySQL 4.1.x/5.x/6.x)</li>
--- a/phpBB/includes/acp/auth.php
+++ b/phpBB/includes/acp/auth.php
@ -58,7 +58,7 @@ class auth_admin extends auth
 			$cache->put('_acl_options', $this->acl_options);
 		}
 	}
-	
+
 	/**
 	* Get permission mask
 	* This function only supports getting permissions of one type (for example a_)
@ -140,7 +140,7 @@ class auth_admin extends auth
 					$auth2 = &$auth;
 				}

-				
+
 				$hold_ary[$userdata['user_id']] = array();
 				foreach ($forum_ids as $f_id)
 				{
@ -345,7 +345,7 @@ class auth_admin extends auth

 		// Build js roles array (role data assignments)
 		$s_role_js_array = '';
-		
+
 		if (sizeof($roles))
 		{
 			$s_role_js_array = array();
@ -696,6 +696,7 @@ class auth_admin extends auth

 		$cur_options = array();

+		// Determine current options
 		$sql = 'SELECT auth_option, is_global, is_local
 			FROM ' . ACL_OPTIONS_TABLE . '
 			ORDER BY auth_option_id';
@ -703,15 +704,7 @@ class auth_admin extends auth

 		while ($row = $db->sql_fetchrow($result))
 		{
-			if ($row['is_global'])
-			{
-				$cur_options['global'][] = $row['auth_option'];
-			}
-
-			if ($row['is_local'])
-			{
-				$cur_options['local'][] = $row['auth_option'];
-			}
+			$cur_options[$row['auth_option']] = ($row['is_global'] && $row['is_local']) ? 'both' : (($row['is_global']) ? 'global' : 'local');
 		}
 		$db->sql_freeresult($result);

@ -726,14 +719,11 @@ class auth_admin extends auth

 			foreach ($option_ary as $option_value)
 			{
-				if (!in_array($option_value, $cur_options[$type]))
-				{
-					$new_options[$type][] = $option_value;
-				}
+				$new_options[$type][] = $option_value;

 				$flag = substr($option_value, 0, strpos($option_value, '_') + 1);

-				if (!in_array($flag, $cur_options[$type]) && !in_array($flag, $new_options[$type]))
+				if (!in_array($flag, $new_options[$type]))
 				{
 					$new_options[$type][] = $flag;
 				}
@ -744,23 +734,53 @@ class auth_admin extends auth
 		$options = array();
 		$options['local'] = array_diff($new_options['local'], $new_options['global']);
 		$options['global'] = array_diff($new_options['global'], $new_options['local']);
-		$options['local_global'] = array_intersect($new_options['local'], $new_options['global']);
+		$options['both'] = array_intersect($new_options['local'], $new_options['global']);

-		$sql_ary = array();
+		// Now check which options to add/update
+		$add_options = $update_options = array();

+		// First local ones...
 		foreach ($options as $type => $option_ary)
 		{
 			foreach ($option_ary as $option)
 			{
-				$sql_ary[] = array(
-					'auth_option'	=> (string) $option,
-					'is_global'		=> ($type == 'global' || $type == 'local_global') ? 1 : 0,
-					'is_local'		=> ($type == 'local' || $type == 'local_global') ? 1 : 0
-				);
+				if (!isset($cur_options[$option]))
+				{
+					$add_options[] = array(
+						'auth_option'	=> (string) $option,
+						'is_global'		=> ($type == 'global' || $type == 'both') ? 1 : 0,
+						'is_local'		=> ($type == 'local' || $type == 'both') ? 1 : 0
+					);
+
+					continue;
+				}
+
+				// Else, update existing entry if it is changed...
+				if ($type === $cur_options[$option])
+				{
+					continue;
+				}
+
+				// New type is always both:
+				// If is now both, we set both.
+				// If it was global the new one is local and we need to set it to both
+				// If it was local the new one is global and we need to set it to both
+				$update_options[] = $option;
 			}
 		}

-		$db->sql_multi_insert(ACL_OPTIONS_TABLE, $sql_ary);
+		if (!empty($add_options))
+		{
+			$db->sql_multi_insert(ACL_OPTIONS_TABLE, $add_options);
+		}
+
+		if (!empty($update_options))
+		{
+			$sql = 'UPDATE ' . ACL_OPTIONS_TABLE . '
+				SET is_global = 1, is_local = 1
+				WHERE ' . $db->sql_in_set('auth_option', $update_options);
+			$db->sql_query($sql);
+		}

 		$cache->destroy('_acl_options');
 		$this->acl_clear_prefetch();
@ -802,7 +822,7 @@ class auth_admin extends auth
 		reset($auth);
 		$flag = key($auth);
 		$flag = substr($flag, 0, strpos($flag, '_') + 1);
-		
+
 		// This ID (the any-flag) is set if one or more permissions are true...
 		$any_option_id = (int) $this->acl_options['id'][$flag];

@ -916,7 +936,7 @@ class auth_admin extends auth
 		reset($auth);
 		$flag = key($auth);
 		$flag = substr($flag, 0, strpos($flag, '_') + 1);
-		
+
 		// Remove any-flag from auth ary
 		if (isset($auth[$flag]))
 		{
@ -1067,7 +1087,7 @@ class auth_admin extends auth
 		{
 			$where_sql[] = $db->sql_in_set('auth_option_id', array_map('intval', $option_id_ary));
 		}
-		
+
 		$sql = "DELETE FROM $table
 			WHERE " . implode(' AND ', $where_sql);
 		$db->sql_query($sql);
@ -1090,7 +1110,7 @@ class auth_admin extends auth
 				'S_YES'		=> ($cat_array['S_YES'] && !$cat_array['S_NEVER'] && !$cat_array['S_NO']) ? true : false,
 				'S_NEVER'	=> ($cat_array['S_NEVER'] && !$cat_array['S_YES'] && !$cat_array['S_NO']) ? true : false,
 				'S_NO'		=> ($cat_array['S_NO'] && !$cat_array['S_NEVER'] && !$cat_array['S_YES']) ? true : false,
-							
+
 				'CAT_NAME'	=> $user->lang['permission_cat'][$cat])
 			);

@ -1179,9 +1199,9 @@ class auth_admin extends auth
 						'lang'	=> '{ acl_' . $permission . ' }'
 					);
 				}
-			
+
 				$cat = $user->lang['acl_' . $permission]['cat'];
-			
+
 				// Build our categories array
 				if (!isset($categories[$cat]))
 				{
--- a/phpBB/install/database_update.php
+++ b/phpBB/install/database_update.php
@ -894,10 +894,10 @@ function change_database_data(&$no_updates, $version)
 			set_config('captcha_gd_wave', 0);
 			set_config('captcha_gd_3d_noise', 1);
 			set_config('captcha_gd_fonts', 1);
+
 			set_config('confirm_refresh', 1);

-
-
+			// Hash old MD5 passwords
 			$sql = 'SELECT user_id, user_password
 					FROM ' . USERS_TABLE . '
 					WHERE user_pass_convert = 1';
@ -916,11 +916,73 @@ function change_database_data(&$no_updates, $version)
 			}
 			$db->sql_freeresult($result);

+			// Adjust bot entry
 			$sql = 'UPDATE ' . BOTS_TABLE . "
 				SET bot_agent = 'ichiro/'
 				WHERE bot_agent = 'ichiro/2'";
 			_sql($sql, $errored, $error_ary);

+			// Before we are able to add a unique key to auth_option, we need to remove duplicate entries
+
+			// We get duplicate entries first
+			$sql = 'SELECT auth_option
+				FROM ' . ACL_OPTIONS_TABLE . '
+				GROUP BY auth_option
+				HAVING COUNT(*) >= 1';
+			$result = $db->sql_query($sql);
+
+			$auth_options = array();
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$auth_options[] = $row['auth_option'];
+			}
+			$db->sql_freeresult($result);
+
+			// Remove specific auth options
+			if (!empty($auth_options))
+			{
+				foreach ($auth_options as $option)
+				{
+					// Select auth_option_ids... the largest id will be preserved
+					$sql = 'SELECT auth_option_id
+						FROM ' . ACL_OPTIONS_TABLE . "
+						WHERE auth_option = '" . $db->sql_escape($option) . "'
+						ORDER BY auth_option_id DESC";
+					$result = $db->sql_query_limit($sql, 0, 1);
+
+					while ($row = $db->sql_fetchrow($result))
+					{
+						// Ok, remove this auth option...
+						_sql('DELETE FROM ' . ACL_OPTIONS_TABLE . ' WHERE auth_option_id = ' . $row['auth_option_id'], $errored, $error_ary);
+						_sql('DELETE FROM ' . ACL_ROLES_DATA_TABLE . ' WHERE auth_option_id = ' . $row['auth_option_id'], $errored, $error_ary);
+						_sql('DELETE FROM ' . ACL_GROUPS_TABLE . ' WHERE auth_option_id = ' . $row['auth_option_id'], $errored, $error_ary);
+						_sql('DELETE FROM ' . ACL_USERS_TABLE . ' WHERE auth_option_id = ' . $row['auth_option_id'], $errored, $error_ary);
+					}
+					$db->sql_freeresult($result);
+				}
+			}
+
+			// Now make auth_option UNIQUE, by dropping the old index and adding a UNIQUE one.
+			$changes = array(
+				'drop_keys'			=> array(
+					ACL_OPTIONS_TABLE		=> array('auth_option'),
+				),
+				'add_unique_index'	=> array(
+					ACL_OPTIONS_TABLE		=> array(
+						'auth_option'		=> array('auth_option'),
+					),
+				),
+			);
+
+			global $db_tools;
+
+			$statements = $db_tools->perform_schema_changes($changes);
+
+			foreach ($statements as $sql)
+			{
+				_sql($sql, $errored, $error_ary);
+			}
+
 			$no_updates = false;

 		break;
--- a/phpBB/install/schemas/firebird_schema.sql
+++ b/phpBB/install/schemas/firebird_schema.sql
@ -65,7 +65,7 @@ CREATE TABLE phpbb_acl_options (

 ALTER TABLE phpbb_acl_options ADD PRIMARY KEY (auth_option_id);;

-CREATE INDEX phpbb_acl_options_auth_option ON phpbb_acl_options(auth_option);;
+CREATE UNIQUE INDEX phpbb_acl_options_auth_option ON phpbb_acl_options(auth_option);;

 CREATE GENERATOR phpbb_acl_options_gen;;
 SET GENERATOR phpbb_acl_options_gen TO 0;;
--- a/phpBB/install/schemas/mssql_schema.sql
+++ b/phpBB/install/schemas/mssql_schema.sql
--- a/phpBB/install/schemas/mysql_40_schema.sql
+++ b/phpBB/install/schemas/mysql_40_schema.sql
@ -49,7 +49,7 @@ CREATE TABLE phpbb_acl_options (
 	is_local tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
 	founder_only tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
 	PRIMARY KEY (auth_option_id),
-	KEY auth_option (auth_option)
+	UNIQUE auth_option (auth_option)
 );


--- a/phpBB/install/schemas/mysql_41_schema.sql
+++ b/phpBB/install/schemas/mysql_41_schema.sql
@ -49,7 +49,7 @@ CREATE TABLE phpbb_acl_options (
 	is_local tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
 	founder_only tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
 	PRIMARY KEY (auth_option_id),
-	KEY auth_option (auth_option)
+	UNIQUE auth_option (auth_option)
 ) CHARACTER SET `utf8` COLLATE `utf8_bin`;


--- a/phpBB/install/schemas/oracle_schema.sql
+++ b/phpBB/install/schemas/oracle_schema.sql
@ -119,12 +119,11 @@ CREATE TABLE phpbb_acl_options (
 	is_global number(1) DEFAULT '0' NOT NULL,
 	is_local number(1) DEFAULT '0' NOT NULL,
 	founder_only number(1) DEFAULT '0' NOT NULL,
-	CONSTRAINT pk_phpbb_acl_options PRIMARY KEY (auth_option_id)
+	CONSTRAINT pk_phpbb_acl_options PRIMARY KEY (auth_option_id),
+	CONSTRAINT u_phpbb_auth_option UNIQUE (auth_option)
 )
 /

-CREATE INDEX phpbb_acl_options_auth_option ON phpbb_acl_options (auth_option)
-/

 CREATE SEQUENCE phpbb_acl_options_seq
 /
@ -821,7 +820,7 @@ CREATE TABLE phpbb_poll_votes (
 	topic_id number(8) DEFAULT '0' NOT NULL,
 	poll_option_id number(4) DEFAULT '0' NOT NULL,
 	vote_user_id number(8) DEFAULT '0' NOT NULL,
-	vote_user_ip varchar2(40) DEFAULT '' 
+	vote_user_ip varchar2(40) DEFAULT ''
 )
 /

@ -1465,7 +1464,7 @@ CREATE TABLE phpbb_styles_template_data (
 	template_filename varchar2(100) DEFAULT '' ,
 	template_included clob DEFAULT '' ,
 	template_mtime number(11) DEFAULT '0' NOT NULL,
-	template_data clob DEFAULT '' 
+	template_data clob DEFAULT ''
 )
 /

--- a/phpBB/install/schemas/postgres_schema.sql
+++ b/phpBB/install/schemas/postgres_schema.sql
@ -140,7 +140,7 @@ CREATE TABLE phpbb_acl_options (
 	PRIMARY KEY (auth_option_id)
 );

-CREATE INDEX phpbb_acl_options_auth_option ON phpbb_acl_options (auth_option);
+CREATE UNIQUE INDEX phpbb_acl_options_auth_option ON phpbb_acl_options (auth_option);

 /*
 	Table: 'phpbb_acl_roles'
--- a/phpBB/install/schemas/sqlite_schema.sql
+++ b/phpBB/install/schemas/sqlite_schema.sql
@ -51,7 +51,7 @@ CREATE TABLE phpbb_acl_options (
 	founder_only INTEGER UNSIGNED NOT NULL DEFAULT '0'
 );

-CREATE INDEX phpbb_acl_options_auth_option ON phpbb_acl_options (auth_option);
+CREATE UNIQUE INDEX phpbb_acl_options_auth_option ON phpbb_acl_options (auth_option);

 # Table: 'phpbb_acl_roles'
 CREATE TABLE phpbb_acl_roles (