[drupal-devel] [bug] Deleting Users & validate role name

Robrecht Jacques drupal-devel at drupal.org
Sun Sep 11 17:10:23 UTC 2005

Issue status update for 
Post a follow up: 

 Project:      Drupal
 Version:      cvs
 Component:    user.module
 Category:     bug reports
 Priority:     normal
 Assigned to:  Anonymous
 Reported by:  kubaZygmunt
 Updated by:   Robrecht Jacques
 Status:       patch (code needs review)
 Attachment:   http://drupal.org/files/issues/user-delete_user_0.patch (1.54 KB)

Found that part 1 was fixed in Drupal 4.6 (rev 1.454.2.8) but was not
applied to CVS-HEAD.

Rerolled the patch.

Robrecht Jacques

Previous comments:

Mon, 01 Aug 2005 13:17:00 +0000 : kubaZygmunt

Attachment: http://drupal.org/files/issues/user.module.patch.txt (914 bytes)

I've found two bugs in user.module
1. Deleting button in admin section doesn't work ( deleting works only
by url user/$id/delete ), I've upadated condition
2. If you change role name to 0 then system deletes role. (I've added
isset($edit['name') )


Sun, 11 Sep 2005 16:51:04 +0000 : Robrecht Jacques

Attachment: http://drupal.org/files/issues/user-delete_user.patch (989 bytes)

(patch bingo)

I can confirm the "user doesn't delete" bug exists. But maybe someone
has to look at it a bit more closely. I observe the following:

* go to "admin/user", create a new account (eg "test" with uid = 42);
* if you click on the "user/admin" page on the "edit" link for the
"test" user, you go to "user/42/edit&destination=admin%2Fuser";
* if you then click on "Delete", the user is not deleted and one goes
back to "user/admin" == BUG;
* however, if you go to "user/42/edit" directly (or by going to
"user/42/view" and then click on the "edit" tab), there is no
"destination=..." in the url and then the "Delete" button works.

Basically, the code:
  else if ($_POST['op'] == t('Delete')) {
    // Note: we redirect from user/uid/edit to user/uid/delete to
make the tabs disappear.
does not work when there is already a "destination=..." in the request.
The patch does fix it, but the tabs (edit/view) are shown on the
confirmation page. As someone has put a comment about this in the code,
I think someone thinks strongy against having these tabs there.

As for the second bug I can confirm this: you can't change a role name
to "0", but you can change it to "1". The patch fixes it, but allowed
the name of the role to be set to '' (empty string) too.

Rerolled the patch - but someone still has to look at this
"drupal_goto()" thingy.

More information about the drupal-devel mailing list