Jump to content

Recommended Posts

Posted (edited)

This issue is reproducible only on a page with 2 editors with each having a different area assigned:

  • Create a page with 2 editors in it. Let's say the editors use the following keys in the same application:
    • EditorA
    • EditorB

 

Case 1: Disable the button ONLY for editor A

The button is disabled for both editors A and B.

 

Case 2: Disable the button ONLY for editor B

The button is visible for both editors A and B.

 

===

If you have 2 editors (A & B) that use 2 different areas on the same page, the cached result of the first editor (A) displayed on the page is always used for the second editor (B) without checking if the button is actually available also for the second area.

 

This issue is caused by the static function \IPS\Text\Parser::canUse( $member, $key, $area ) because it caches the result of each button only using 2 values: member_id and $key:

static::$permissions[ $member->member_id ][ $key ];

 

The $area value is only checked if there is no cached result:

	/**
	 * Can use plugin?
	 *
	 * @param	\IPS\Member	$member	The member
	 * @param	string		$key	Plugin key
	 * @param	string		$area	The Editor area
	 * @return	bool
	 */
	public static function canUse( \IPS\Member $member, $key, $area )
	{
		$permissionSettings = json_decode( \IPS\Settings::i()->ckeditor_permissions, TRUE );
		
		if ( !isset( static::$permissions[ $member->member_id ][ $key ] ) )
		{
			if ( !isset( $permissionSettings[ $key ] ) )
			{
				static::$permissions[ $member->member_id ][ $key ] = TRUE;
			}
			else
			{
				$val = TRUE;
				if ( $permissionSettings[ $key ]['groups'] !== '*' )
				{
					if ( !$member->inGroup( $permissionSettings[ $key ]['groups'] ) )
					{
						$val = FALSE;
					}
				}
				if ( $permissionSettings[ $key ]['areas'] !== '*' )
				{
					if ( !\in_array( $area, $permissionSettings[ $key ]['areas'] ) )
					{
						$val = FALSE;
					}
				}
				static::$permissions[ $member->member_id ][ $key ] = $val;
			}
		}
		
		return static::$permissions[ $member->member_id ][ $key ];
	}

 

 

If you also want to slightly optimize the code, the json_decode() call can be moved inside the first IF since the data isn't used if a cached result is found.

Edited by teraßyte
Posted

Thank you for bringing this issue to our attention! I can confirm this should be further reviewed and I have logged an internal bug report for our development team to investigate and address as necessary, in a future maintenance release.

 

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...