summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorcedric2017-04-22 22:49:04 (GMT)
committerJason Flatt2017-04-22 22:49:04 (GMT)
commit6812cd855e3f43b0b9947ed6b458d67ca79b4b5e (patch)
treed3d5a4fdfa165eaaf8bb21890c725a03be482d59
parentc4226e68b9ea593fb25f512d6a726a07dfb45854 (diff)
Issue #2033161 by cedric, dgtlmoon, ptmkenny, Berdir, rfay: privatemsg_thread_load returns messages from all other threads when no access to requested thread
-rwxr-xr-xprivatemsg.module4
-rw-r--r--privatemsg.test5
2 files changed, 8 insertions, 1 deletions
diff --git a/privatemsg.module b/privatemsg.module
index ac72c85..c63b4b1 100755
--- a/privatemsg.module
+++ b/privatemsg.module
@@ -545,7 +545,9 @@ function privatemsg_thread_load($thread_id, $account = NULL, $start = NULL, $use
$conditions['account'] = $account;
}
- // #2033161 privatemsg_message_load_multiple will load all threads if empty
+ // If the $ids parameter is empty, privatemsg_message_load_multiple will
+ // load all threads.
+ // @see https://drupal.org/node/2033161
$ids = $query->execute()->fetchCol();
if (count($ids)) {
$thread['messages'] = privatemsg_message_load_multiple($ids, $conditions);
diff --git a/privatemsg.test b/privatemsg.test
index 33cd243..5f987a9 100644
--- a/privatemsg.test
+++ b/privatemsg.test
@@ -85,6 +85,11 @@ class PrivatemsgTestCase extends PrivatemsgBaseTestCase {
$subject = $this->randomName(20);
$body = $this->randomName(50);
+ // Make sure that $no_recipient is involved in another thread to assert that
+ // no unrelated messages are displayed.
+ // @see https://drupal.org/node/2033161
+ $unrelated = privatemsg_new_thread(array($no_recipient), $subject, $body, array('author' => $author));
+
$response = privatemsg_new_thread(array($recipient), $subject, $body, array('author' => $author));
$this->drupalLogin($user_no_read_msg);