2017-01-13 Fred Gleason <fredg@paravelsystems.com>

* Fixed a bug in 'lib/rduser.cpp' that caused the 'RDUser::groupAuthorized()' to return false positive results.
2025-07-30 15:39:31 +02:00 · 2017-01-13 19:03:22 -05:00 · 2017-01-13 19:03:22 -05:00 · 21dcac3e4a
commit 21dcac3e4a
parent 7df68e7ffd
2 changed files with 6 additions and 3 deletions
--- a/3
+++ b/3
@ -15507,3 +15507,6 @@
 	* Fixed a bug in 'rdlogedit/edit_log.cpp' that caused the Modified
 	datestamp to be updated when 'OK' was clicked even if no changes
 	were made.
+2017-01-13 Fred Gleason <fredg@paravelsystems.com>
+	* Fixed a bug in 'lib/rduser.cpp' that caused the
+	'RDUser::groupAuthorized()' to return false positive results.
--- a/lib/rduser.cpp
+++ b/lib/rduser.cpp
@ -390,9 +390,9 @@ bool RDUser::groupAuthorized(const QString &group_name)
  RDSqlQuery *q;
  bool ret=false;

-  sql=QString().
-    sprintf("select GROUP_NAME from USER_PERMS where USER_NAME=\"%s\"",
-	    (const char *)RDEscapeString(user_name));
+  sql=QString("select GROUP_NAME from USER_PERMS where ")+
+    "(USER_NAME=\""+RDEscapeString(user_name)+"\")&&"+
+    "(GROUP_NAME=\""+RDEscapeString(group_name)+"\")";
  q=new RDSqlQuery(sql);
  ret=q->first();
  delete q;