[drupal-devel] [bug] user_access returns invalid data
javanaut
drupal-devel at drupal.org
Fri Feb 4 01:24:16 UTC 2005
Project: Drupal
Version: 4.5.0
Component: user.module
Category: bug reports
Priority: critical
Assigned to: javanaut
Reported by: javanaut
Updated by: javanaut
Status: patch
Heh, after posting that, I realized what I had done, but never got back
around to simplifying it. Good eye.
javanaut
Previous comments:
------------------------------------------------------------------------
February 3, 2005 - 15:32 : javanaut
Attachment: http://drupal.org/files/issues/user_access_bug.patch (473 bytes)
The user_access function in user.module returns the results of the
*strstr()* function, which returns a string, not a Boolean like the
documentation suggests. This was screwing things up for me since
flexinode relies on user_access for its node_access('create'..)
functionality.
The attached patch uses strpos instead of strstr. It was created from
a 4.5 codebase, but I noticed that the same issue is in HEAD as well.
I'm using it on my dev site, and node_access('create'..) calls are now
working properly and nothing I'm using seems to have any problems with
it.
------------------------------------------------------------------------
February 3, 2005 - 17:20 : Anonymous
+ return strpos($perm[$account->uid], "$string, ") !== FALSE ? TRUE :
FALSE;
could be written more simply as
+ return strpos($perm[$account->uid], "$string, ") !== FALSE;
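Review bot: the needle "$string, " passed to strpos() is delimited only on the right, so a permission whose name merely ends with $string would also match. Consider requiring a leading delimiter as well, or splitting the list and comparing whole names. The strict !== FALSE comparison should stay in either form, since a match at offset 0 returns 0.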
Keep in mind it's also possible to type-cast the result of strstr to a
boolean value (i.e. return (bool) strstr($perm[$account->uid],
"$string, ");)... I am unsure as to whether strstr or strpos would be
faster... perhaps a quick benchmark could answer the question of which
we should use.
--
View: http://drupal.org/node/16705
Edit: http://drupal.org/project/comments/add/16705
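
An added illustration (not code from the patch or from Drupal) of the return-type difference discussed in this thread, run over a constructed permission string. The function names are hypothetical, and access_exact is a stricter variant that nobody in the thread proposed.

```php
<?php
// Constructed sample data: permissions stored as one ", "-terminated string,
// the layout implied by the "$string, " needle quoted in the thread.
$perms = 'access content, create page content, administer nodes, ';

// Behaviour described in the report: the strstr() result is returned as-is,
// so callers get a string (or FALSE), never TRUE.
function access_strstr($perms, $string) {
  return strstr($perms, "$string, ");
}

// Behaviour of the patch: strpos() compared strictly against FALSE.
function access_strpos($perms, $string) {
  return strpos($perms, "$string, ") !== FALSE;
}

// Hypothetical stricter variant (not from the thread): split the list and
// compare whole permission names.
function access_exact($perms, $string) {
  $names = array_filter(array_map('trim', explode(',', $perms)), 'strlen');
  return in_array($string, $names, TRUE);
}

// Constructed cases: a name at offset 0, a suffix of another name, and a
// name that is not in the list at all.
$cases = array('access content', 'page content', 'delete everything');
foreach ($cases as $string) {
  $raw = access_strstr($perms, $string);
  printf("%-20s strstr: %-8s ===TRUE: %-6s strpos: %-6s exact: %s\n",
    "'$string'",
    gettype($raw),
    var_export($raw === TRUE, TRUE),
    var_export(access_strpos($perms, $string), TRUE),
    var_export(access_exact($perms, $string), TRUE));
}

// Offset 0 is a valid match: a loose truthiness test on strpos() would deny
// 'access content', which is why the patch compares with !== FALSE.
var_dump(strpos($perms, 'access content, '));
var_dump((bool) strpos($perms, 'access content, '));
```

A caller that tests the strstr() variant with === TRUE never sees a grant, and the 'page content' row shows where the substring checks and the whole-name check disagree.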