Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Bug found with class.activitymodel

edited January 2010 in Vanilla 2.0 - 2.8
Backtrace:
[.../vanilla2/library/core/functions.error.php:132] PHP::include();
[.../vanilla2/applications/garden/models/class.activitymodel.php:157] PHP::ErrorHandler();
[.../vanilla2/applications/garden/models/class.activitymodel.php:149] Gdn_ActivityModel->SendNotification();
[.../vanilla2/library/core/functions.general.php:62] Gdn_ActivityModel->Add();
[.../vanilla2/applications/garden/models/class.usermodel.php:485] PHP::AddActivity();
[.../vanilla2/applications/garden/models/class.usermodel.php:1202] Gdn_UserModel->SaveRoles();
[.../vanilla2/library/core/class.handshakeauthenticator.php:186] Gdn_UserModel->Synchronize();
[.../vanilla2/library/core/class.session.php:225] Gdn_HandshakeAuthenticator->GetIdentity();
[.../vanilla2/index.php:30] Gdn_Session->Start();

What happens is:
class.session.php@225
$this->UserID = $Authenticator->GetIdentity();

... then nests inwards until
class.usermodel.php@480
AddActivity(
$Session->UserID,
'RoleChange',
$Story,
$UserID
);

At that point $Session->UserID is 0 and it screws up ActivityQuery because there isn't a user with id=0 to do join with.

Comments

Sign In or Register to comment.