[drupal-devel] [bug] Deleting Users & validate role name
Robrecht Jacques
drupal-devel at drupal.org
Sun Sep 11 17:10:23 UTC 2005
Issue status update for
http://drupal.org/node/27951
Post a follow up:
http://drupal.org/project/comments/add/27951
Project: Drupal
Version: cvs
Component: user.module
Category: bug reports
Priority: normal
Assigned to: Anonymous
Reported by: kubaZygmunt
Updated by: Robrecht Jacques
Status: patch (code needs review)
Attachment: http://drupal.org/files/issues/user-delete_user_0.patch (1.54 KB)
Found that part 1 was fixed in Drupal 4.6 (rev 1.454.2.8) but was not
applied to CVS-HEAD.
Rerolled the patch.
Robrecht Jacques
Previous comments:
------------------------------------------------------------------------
Mon, 01 Aug 2005 13:17:00 +0000 : kubaZygmunt
Attachment: http://drupal.org/files/issues/user.module.patch.txt (914 bytes)
I've found two bugs in user.module
1. Deleting button in admin section doesn't work ( deleting works only
by url user/$id/delete ), I've upadated condition
2. If you change role name to 0 then system deletes role. (I've added
isset($edit['name') )
------------------------------------------------------------------------
Sun, 11 Sep 2005 16:51:04 +0000 : Robrecht Jacques
Attachment: http://drupal.org/files/issues/user-delete_user.patch (989 bytes)
(patch bingo)
I can confirm the "user doesn't delete" bug exists. But maybe someone
has to look at it a bit more closely. I observe the following:
* go to "admin/user", create a new account (eg "test" with uid = 42);
* if you click on the "user/admin" page on the "edit" link for the
"test" user, you go to "user/42/edit&destination=admin%2Fuser";
* if you then click on "Delete", the user is not deleted and one goes
back to "user/admin" == BUG;
* however, if you go to "user/42/edit" directly (or by going to
"user/42/view" and then click on the "edit" tab), there is no
"destination=..." in the url and then the "Delete" button works.
Basically, the code:
else if ($_POST['op'] == t('Delete')) {
// Note: we redirect from user/uid/edit to user/uid/delete to
make the tabs disappear.
drupal_goto("user/$account->uid/delete");
}
does not work when there is already a "destination=..." in the request.
The patch does fix it, but the tabs (edit/view) are shown on the
confirmation page. As someone has put a comment about this in the code,
I think someone thinks strongy against having these tabs there.
As for the second bug I can confirm this: you can't change a role name
to "0", but you can change it to "1". The patch fixes it, but allowed
the name of the role to be set to '' (empty string) too.
Rerolled the patch - but someone still has to look at this
"drupal_goto()" thingy.
More information about the drupal-devel
mailing list