PKP Bugzilla – Bug 8266
Editors receiving reviewer notifications get incorrect URLs
Last modified: 2013-09-10 09:23:28 PDT
See http://pkp.sfu.ca/support/forum/viewtopic.php?f=8&t=10133 for details. The problematic line of code appears to be NotificationManager.inc.php line 70 (in OJS 2.4.2).
Looking at this bug a bit more, the notification manager builds the url based on a call to _getCachedRole() which in turn looks at either privilegedRoles() or _getHighestPrivilegedRolesForArticle() for that user. The bug report indicates that a journal editor is getting a link with 'reviewer' as the role, which seems to indicate that highest privileged role isn't the one being returned.
This code also seems to make the assumption that the page op being included in the url exists in the handlers for all possible roles.
Yes, I think that captures the bug. That code is a liability, and already gone for OJS 3.0a, but we ought to be able to patch this particular hole without too much work.
This bug appears to have been fixed in this commit:
Previously, notifications were being created for all users associated with an article. This would have generated incorrect URLs in certain conditions. Users with older installations may still have incorrect notifications in their database, but upgraded installations will not generate incorrect ones any more.