Index: modules/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user.module,v
retrieving revision 1.480
diff -u -Ff -r1.480 user.module
--- modules/user.module	19 Jun 2005 09:06:02 -0000	1.480
+++ modules/user.module	20 Jun 2005 08:48:14 -0000
@@ -304,7 +304,7 @@  *   The permission, such as "administer
  *   (optional) The account to check, if not given use currently logged in user.
  *
  * @return
- *   TRUE iff the current user has the requested permission.
+ *   boolean TRUE if the current user has the requested permission.
  *
  * All permission checks in Drupal should go through this function. This
  * way, we guarantee consistent behavior, and ensure that the superuser
@@ -319,8 +319,8 @@   if (is_null($account)) {
   }
 
   // User #1 has all privileges:
-  if ($account->uid == 1) {
-    return 1;
+  if ((int)$account->uid === 1) {
+    return true;
   }
 
   // To reduce the number of SQL queries, we cache the user's permissions
@@ -329,13 +329,11 @@   if (!isset($perm[$account->uid])) {
     $result = db_query('SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $account->uid);
 
     while ($row = db_fetch_object($result)) {
-      $perm[$account->uid] .= "$row->perm, ";
+      $perm[$account->uid][] = $row->perm;
     }
   }
-  if (isset($perm[$account->uid])) {
-    return strstr($perm[$account->uid], "$string, ");
-  }
-  return FALSE;
+
+  return isset($perm[$account->uid]) && in_array($string, $perm[$account->uid]);
 }
 
 /**