Posted by NaX on July 20, 2010 at 9:40am
| Project: | Organic groups |
| Version: | 6.x-2.1 |
| Component: | og.module |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | needs work |
Issue Summary
I found that whenever I updated a user’s subscription by making them an admin or removing them as an admin, their subscription created date was reset to the current timestamp.
I can see this being a security issue for modules like "OG Membership Expiration" as a user’s subscription keeps getting extended every time their membership is updated.
The attached patch fetches the user’s current created timestamp when a created argument is not passed in.
| Attachment | Size | Status | Test result | Operations |
|---|---|---|---|---|
| og_preserve_created_subscription_date.patch | 664 bytes | Ignored: Check issue status. | None | None |
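The reported behaviour and the fix the patch describes, modelled in Python with SQLite as an added example; it is not part of the original post and is not Organic groups code. The `membership` table, the function names, the 30-day expiry rule and the timestamps are constructed assumptions.

```python
import sqlite3

EXPIRY = 30 * 86400  # constructed policy: membership lasts 30 days from `created`

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE membership (gid INT, uid INT, is_admin INT, "
               "created INT, changed INT, PRIMARY KEY (gid, uid))")
    return db

def save_buggy(db, gid, uid, now, is_admin=0, created=None):
    # Reported behaviour: a missing `created` defaults to "now", even on update.
    created = now if created is None else created
    db.execute("INSERT OR REPLACE INTO membership VALUES (?,?,?,?,?)",
               (gid, uid, is_admin, created, now))

def save_fixed(db, gid, uid, now, is_admin=0, created=None):
    # Patched behaviour: when `created` is not passed, keep the stored value.
    # A caller that already knows the creation date passes it and skips the SELECT.
    if created is None:
        row = db.execute("SELECT created FROM membership WHERE gid=? AND uid=?",
                         (gid, uid)).fetchone()
        created = row[0] if row else now
    db.execute("INSERT OR REPLACE INTO membership VALUES (?,?,?,?,?)",
               (gid, uid, is_admin, created, now))

def expires_at(db, gid, uid):
    (created,) = db.execute("SELECT created FROM membership WHERE gid=? AND uid=?",
                            (gid, uid)).fetchone()
    return created + EXPIRY

def demo(save):
    db = open_db()
    joined = 1_000_000                 # constructed timestamp: user joins
    promoted = joined + 29 * 86400     # constructed timestamp: day 29
    save(db, 1, 7, now=joined)
    save(db, 1, 7, now=promoted, is_admin=1)   # made an admin just before expiry
    return expires_at(db, 1, 7) - joined       # seconds of membership granted

if __name__ == "__main__":
    print("buggy:", demo(save_buggy) // 86400, "days")
    print("fixed:", demo(save_fixed) // 86400, "days")
```
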
Comments
#1
This patch fixes this issue for me.
Additionally, it looks fine.
Here is a patch against og root.
#2
subscribing
#3
@NaX,
Any chance for a small simpletest with this patch?
#4
@Amitaibu
Sorry, I am not yet familiar with simpletest.
#5
@Amitaibu
Is a test the only thing holding back this patch?
#6
@NaX correct, though I need to read the code around it; it doesn't make sense to me that we need an extra SELECT query here.
#7
Okay, this patch should be extended to pass the creation date when the user object is available to the caller, as the creation date is loaded into the user object and we can skip the extra query on those occasions.