ACL\Login bug fix for acl:base must always be int

publish/last.published

@@ -1 +1 @@
-9.3.0
+9.3.5

src/ACL/Login.php

@@ -231,8 +231,6 @@ class Login
 	) {
 		// attach db class
 		$this->db = $db;
-		// log login data for this class only
-		$log->setLogFlag(\CoreLibs\Logging\Logger\Flag::per_class);
 		// attach logger
 		$this->log = $log;
 		// attach session class
@@ -1060,9 +1058,9 @@ class Login
 					];
 					// set the default unit
 					if ($res['edit_default']) {
-						$_SESSION['UNIT_DEFAULT'] = $res['edit_access_id'];
+						$_SESSION['UNIT_DEFAULT'] = (int)$res['edit_access_id'];
 					}
-					$_SESSION['UNIT_UID'][$res['uid']] = $res['edit_access_id'];
+					$_SESSION['UNIT_UID'][$res['uid']] = (int)$res['edit_access_id'];
 					// sub arrays for simple access
 					array_push($eauid, $res['edit_access_id']);
 					$unit_acl[$res['edit_access_id']] = $res['level'];
@@ -1148,18 +1146,18 @@ class Login
 			// user > page > group
 			// group ACL 0
 			if ($_SESSION['GROUP_ACL_LEVEL'] != -1) {
-				$this->acl['base'] = $_SESSION['GROUP_ACL_LEVEL'];
+				$this->acl['base'] = (int)$_SESSION['GROUP_ACL_LEVEL'];
 			}
 			// page ACL 1
 			if (
 				isset($_SESSION['PAGES_ACL_LEVEL'][$this->page_name]) &&
 				$_SESSION['PAGES_ACL_LEVEL'][$this->page_name] != -1
 			) {
-				$this->acl['base'] = $_SESSION['PAGES_ACL_LEVEL'][$this->page_name];
+				$this->acl['base'] = (int)$_SESSION['PAGES_ACL_LEVEL'][$this->page_name];
 			}
 			// user ACL 2
 			if ($_SESSION['USER_ACL_LEVEL'] != -1) {
-				$this->acl['base'] = $_SESSION['USER_ACL_LEVEL'];
+				$this->acl['base'] = (int)$_SESSION['USER_ACL_LEVEL'];
 			}
 		}
 		$_SESSION['BASE_ACL_LEVEL'] = $this->acl['base'];
@@ -2347,7 +2345,10 @@ HTML;
 			is_array($_SESSION['UNIT']) &&
 			!array_key_exists($edit_access_id, $_SESSION['UNIT'])
 		) {
-			return $_SESSION['UNIT_DEFAULT'] ?? null;
+			$edit_access_id = null;
+			if (is_numeric($_SESSION['UNIT_DEFAULT'])) {
+				$edit_access_id = (int)$_SESSION['UNIT_DEFAULT'];
+			}
 		}
 		return $edit_access_id;
 	}

src/Admin/Backend.php

@@ -164,6 +164,10 @@ class Backend
 			);
 		}
 		$this->default_acl = $set_default_acl_level ?? DEFAULT_ACL_LEVEL;
+		// if negative or larger than 100, reset to 0
+		if ($this->default_acl < 0 || $this->default_acl > 100) {
+			$this->default_acl = 0;
+		}
 
 		// queue key
 		if (preg_match("/^(add|save|delete|remove|move|up|down|push_live)$/", $this->action)) {

src/DB/IO.php

@@ -309,7 +309,7 @@ class IO
 	// basic vars
 	// the dbh handler, if disconnected by command is null, bool:false on error,
 	/** @var \PgSql\Connection|false|null */
-	private \PgSql\Connection|false|null $dbh;
+	private \PgSql\Connection|false|null $dbh = null;
 	/** @var bool DB_DEBUG ... (if set prints out debug msgs) */
 	private bool $db_debug = false;
 	/** @var string the DB connected to */
@@ -814,13 +814,13 @@ class IO
 		switch ($id) {
 			case 'DB_ERROR':
 				$this->log->error(
-					$debug_id . ' :' . $prefix . $error_string,
+					$prefix . $error_string,
 					$context
 				);
 				break;
 			case 'DB_WARNING':
 				$this->log->warning(
-					$debug_id . ' :' . $prefix . $error_string,
+					$prefix . $error_string,
 					$context
 				);
 				break;
@@ -2057,10 +2057,11 @@ class IO
 	/**
 	 * this is only needed for Postgresql. Converts postgresql arrays to PHP
 	 * Recommended to rather user 'array_to_json' instead and convet JSON in PHP
+	 * or if ARRAY_AGG -> JSONB_AGG
 	 *
 	 * @param  string $text input text to parse to an array
 	 * @return array<mixed> PHP array of the parsed data
-	 * @deprecated Recommended to use 'array_to_json' in PostgreSQL instead
+	 * @deprecated Recommended to use 'array_to_json/jsonb_agg' in PostgreSQL instead
 	 */
 	public function dbArrayParse(string $text): array
 	{