[drupal-devel] [bug] user_access returns invalid data
Anonymous
drupal-devel at drupal.org
Thu Feb 3 23:20:03 UTC 2005
Project: Drupal
-Version: <none>
+Version: 4.5.0
Component: user.module
Category: bug reports
Priority: critical
Assigned to: javanaut
Reported by: javanaut
Updated by: Anonymous
Status: patch
+ return strpos($perm[$account->uid], "$string, ") !== FALSE ? TRUE :
FALSE;
could be written more simply as
+ return strpos($perm[$account->uid], "$string, ") !== FALSE;
Keep in mind it's also possible to type-cast the result of strstr to a
boolean value (i.e. return (bool) strstr($perm[$account->uid],
"$string, ");)... I am unsure as to whether strstr or strpos would be
faster... perhaps a quick benchmark could answer the question of which
we should use.
Anonymous
Previous comments:
------------------------------------------------------------------------
February 3, 2005 - 21:32 : javanaut
Attachment: http://drupal.org/files/issues/user_access_bug.patch (473 bytes)
The user_access function in user.module returns the results of the
*strstr()* function, which returns a string, not a Boolean like the
documentation suggests. This was screwing things up for me since
flexinode relies on user_access for it's node_access('create'..)
functionality.
The attached patch uses strpos instead of strstr. It was created from
a 4.5 codebase, but I noticed that the same issue is in HEAD as well.
I'm using it on my dev site, and node_access('create'..) calls are now
working properly and nothing I'm using seems to have any problems with
it.
--
View: http://drupal.org/node/16705
Edit: http://drupal.org/project/comments/add/16705
More information about the drupal-devel
mailing list