cron.php logs in as admin and redirects to "user/1/notify"

emeij - April 10, 2007 - 09:17
Project: Notify
Version: 5.x-1.0
Component: Code
Category: bug report
Priority: critical
Assigned: Unassigned
Status: by design
Description

Since I've installed the Notify module, I noticed the cron job getting timeouts: "Cron run exceeded the time limit and was aborted." When I accessed http://site/cron.php I was automatically logged in as the admin user (id = 1) and redirected to this user's notify settings page (user/1/notify)!!! This is a big security risk and surely this can't be right... When I comment out the contents of the notify_cron function this doesn't happen, so it must be going wrong somewhere in there.

Has anyone else experienced this before?

Edgar

#1

emeij - April 10, 2007 - 09:54
Status: active » by design

This is actually caused by a single node, which has PHP redirect code as its body. As soon as this node is loaded to be sent, the redirect breaks the Notify "workflow".

#2

Matt B - September 15, 2008 - 14:13

I've just had this issue - my workaround was to edit the node with the redirect code so that the created date was too far in the past to be picked up by Notify (but I've also hacked how Notify selects nodes to suit my purposes).

#3

helloanshul - June 3, 2009 - 08:20

You should remove all the redirect code...

#4

Matt B - June 3, 2009 - 08:33

Usually you would use redirect code for a very specific purpose; in my case I cannot see how else I would achieve the requirements. Removing it is not the solution, and you have to allow for the fact that some sites need to have nodes that use PHP code. It would be better to have an option for Notify to ignore nodes that have PHP as the input type.

 
 
