[drupal-devel] [bug] Deleting Users & validate role name
Issue status update for http://drupal.org/node/27951 Post a follow up: http://drupal.org/project/comments/add/27951 Project: Drupal Version: cvs Component: user.module Category: bug reports Priority: normal Assigned to: Anonymous Reported by: kubaZygmunt Updated by: kubaZygmunt Status: patch (code needs review) Attachment: http://drupal.org/files/issues/user.module.patch.txt (914 bytes) I've found two bugs in user.module 1. Deleting button in admin section doesn't work ( deleting works only by url user/$id/delete ), I've upadated condition 2. If you change role name to 0 then system deletes role. (I've added isset($edit['name') ) kubaZygmunt
Issue status update for http://drupal.org/node/27951 Post a follow up: http://drupal.org/project/comments/add/27951 Project: Drupal Version: cvs Component: user.module Category: bug reports Priority: normal Assigned to: Anonymous Reported by: kubaZygmunt Updated by: Robrecht Jacques Status: patch (code needs review) Attachment: http://drupal.org/files/issues/user-delete_user.patch (989 bytes) (patch bingo) I can confirm the "user doesn't delete" bug exists. But maybe someone has to look at it a bit more closely. I observe the following: * go to "admin/user", create a new account (eg "test" with uid = 42); * if you click on the "user/admin" page on the "edit" link for the "test" user, you go to "user/42/edit&destination=admin%2Fuser"; * if you then click on "Delete", the user is not deleted and one goes back to "user/admin" == BUG; * however, if you go to "user/42/edit" directly (or by going to "user/42/view" and then click on the "edit" tab), there is no "destination=..." in the url and then the "Delete" button works. Basically, the code: else if ($_POST['op'] == t('Delete')) { // Note: we redirect from user/uid/edit to user/uid/delete to make the tabs disappear. drupal_goto("user/$account->uid/delete"); } does not work when there is already a "destination=..." in the request. The patch does fix it, but the tabs (edit/view) are shown on the confirmation page. As someone has put a comment about this in the code, I think someone thinks strongy against having these tabs there. As for the second bug I can confirm this: you can't change a role name to "0", but you can change it to "1". The patch fixes it, but allowed the name of the role to be set to '' (empty string) too. Rerolled the patch - but someone still has to look at this "drupal_goto()" thingy. Robrecht Jacques Previous comments: ------------------------------------------------------------------------ Mon, 01 Aug 2005 13:17:00 +0000 : kubaZygmunt Attachment: http://drupal.org/files/issues/user.module.patch.txt (914 bytes) I've found two bugs in user.module 1. Deleting button in admin section doesn't work ( deleting works only by url user/$id/delete ), I've upadated condition 2. If you change role name to 0 then system deletes role. (I've added isset($edit['name') )
Issue status update for http://drupal.org/node/27951 Post a follow up: http://drupal.org/project/comments/add/27951 Project: Drupal Version: cvs Component: user.module Category: bug reports Priority: normal Assigned to: Anonymous Reported by: kubaZygmunt Updated by: Robrecht Jacques Status: patch (code needs review) Attachment: http://drupal.org/files/issues/user-delete_user_0.patch (1.54 KB) Found that part 1 was fixed in Drupal 4.6 (rev 1.454.2.8) but was not applied to CVS-HEAD. Rerolled the patch. Robrecht Jacques Previous comments: ------------------------------------------------------------------------ Mon, 01 Aug 2005 13:17:00 +0000 : kubaZygmunt Attachment: http://drupal.org/files/issues/user.module.patch.txt (914 bytes) I've found two bugs in user.module 1. Deleting button in admin section doesn't work ( deleting works only by url user/$id/delete ), I've upadated condition 2. If you change role name to 0 then system deletes role. (I've added isset($edit['name') ) ------------------------------------------------------------------------ Sun, 11 Sep 2005 16:51:04 +0000 : Robrecht Jacques Attachment: http://drupal.org/files/issues/user-delete_user.patch (989 bytes) (patch bingo) I can confirm the "user doesn't delete" bug exists. But maybe someone has to look at it a bit more closely. I observe the following: * go to "admin/user", create a new account (eg "test" with uid = 42); * if you click on the "user/admin" page on the "edit" link for the "test" user, you go to "user/42/edit&destination=admin%2Fuser"; * if you then click on "Delete", the user is not deleted and one goes back to "user/admin" == BUG; * however, if you go to "user/42/edit" directly (or by going to "user/42/view" and then click on the "edit" tab), there is no "destination=..." in the url and then the "Delete" button works. Basically, the code: else if ($_POST['op'] == t('Delete')) { // Note: we redirect from user/uid/edit to user/uid/delete to make the tabs disappear. drupal_goto("user/$account->uid/delete"); } does not work when there is already a "destination=..." in the request. The patch does fix it, but the tabs (edit/view) are shown on the confirmation page. As someone has put a comment about this in the code, I think someone thinks strongy against having these tabs there. As for the second bug I can confirm this: you can't change a role name to "0", but you can change it to "1". The patch fixes it, but allowed the name of the role to be set to '' (empty string) too. Rerolled the patch - but someone still has to look at this "drupal_goto()" thingy.
participants (2)
-
kubaZygmunt -
Robrecht Jacques