Index: modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.851
diff -u -p -r1.851 user.module
--- modules/user/user.module	3 Oct 2007 13:01:04 -0000	1.851
+++ modules/user/user.module	6 Oct 2007 13:08:18 -0000
@@ -453,19 +453,16 @@ function user_access($string, $account =
   // To reduce the number of SQL queries, we cache the user's permissions
   // in a static variable.
   if (!isset($perm[$account->uid])) {
-    $result = db_query("SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid WHERE r.rid IN (". db_placeholders($account->roles) .")", array_keys($account->roles));
+    $result = db_query("SELECT p.perm FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid WHERE r.rid IN (". db_placeholders($account->roles) .")", array_keys($account->roles));
 
-    $perm[$account->uid] = '';
+    $perms = array();
     while ($row = db_fetch_object($result)) {
-      $perm[$account->uid] .= "$row->perm, ";
+      $perms[] = explode(', ', $row->perm);
     }
+    $perm[$account->uid] = array_unique($perms);
   }
 
-  if (isset($perm[$account->uid])) {
-    return strpos($perm[$account->uid], "$string, ") !== FALSE;
-  }
-
-  return FALSE;
+  return in_array($string, $perm[$account->uid]);
 }
 
 /**
