Improve error checking on query

glFusion · Nov 5, 2017 · 6b5d5bf · 6b5d5bf
1 parent 6df74d1
commit 6b5d5bf
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,4 +1,5 @@
 ## v1.7.2 (Unreleased)
+  - Improved error checking when retrieving group list for user
   - Added missing comment_indent configuration option
   - If 'Allow User Photo' was set to false, comments display had a broken image
   - Added siteconfig.php $_SYSTEM option to skip automatic upgrade check in Command & Control

diff --git a/private/system/lib-security.php b/private/system/lib-security.php
@@ -611,11 +611,15 @@ function SEC_getUserPermissions($grp_id='',$uid='')
         $groups = SEC_getUserGroups ($uid);
     }
 
-    $glist = join(',', $groups);
-    $result = DB_query("SELECT DISTINCT ft_name FROM {$_TABLES["access"]},{$_TABLES["features"]} "
-                     . "WHERE ft_id = acc_ft_id AND acc_grp_id IN ($glist)");
+    if ( count($groups) > 0 ) {
+        $glist = join(',', $groups);
+        $result = DB_query("SELECT DISTINCT ft_name FROM {$_TABLES["access"]},{$_TABLES["features"]} "
+                         . "WHERE ft_id = acc_ft_id AND acc_grp_id IN ($glist)");
 
-    $nrows = DB_numrows($result);
+        $nrows = DB_numrows($result);
+    } else  {
+        $nrows = 0;
+    }
     for ($j = 1; $j <= $nrows; $j++) {
         $A = DB_fetchArray($result);
         if ($_SEC_VERBOSE) {