6
I found the &%$# bastard!
I think this was the smartest one I found so far and still, I am not able to reproduce it.
So I found something was wrong in the edit user form because after editing a user info you will notice that no debug is showed.
Yet, if you edit a info of an admin user the debug info will display.
After dumping the xoopsUser object I noticed the debug info was not showed because the XoopsUser object was somehow corrupted and gaining some of its values from the user we were editing.
At this point I already knew the end of this bug was close.
I was able to isolate the exact point when the corruption was taking point.
in system/admin/users/main.php
$op = 'mod_users';
include_once XOOPS_ROOT_PATH."/modules/system/admin/users/users.php";
//at this point all is ok
if (isset($_POST)) {
foreach ( $_POST as $k => $v ) {
${$k} = $v;
}
}
// at this point xoopsUser gets corrupted and current user(the admin) does not belong to admins group anymore
So I filtered the $_POST array until I get the guilty one:
$_POST['groups'];
It seems that (under some server enviroment I guess) the $groups variable is already set and for some reason I can´t figure, it doesn´t update the value correctly.
So what I done was to unset 'groups' before the loop. If you notice the debug info will now show no matter what user you are editing and the global $xoopsUser is correctly set.
The hack:
$op = 'mod_users';
include_once XOOPS_ROOT_PATH."/modules/system/admin/users/users.php";
unset($groups);
if (isset($_POST)) {
foreach ( $_POST as $k => $v ) {
${$k} = $v;
}
}
