Hi,
On older Drupal versions (for instance 6.3), the function "user_login_destination" doesn't exist, leading to a fatal error on some parts of cas.module.
I've made a quick fix, which is to implement a small "compatibility" function like this:
<?php
/**
* Compatilibity function for older Drupal versions
*/
function cas_user_login_destination() {
// Use default implementation
if (function_exists('user_login_destination')) {
return user_login_destination();
}
$destination = drupal_get_destination();
return $destination == 'destination=user%2Flogin' ? 'destination=user' : $destination;
}
?>
And then replace all calls to user_login_destination() to cas_user_login_destination().
Comments
Comment #1
bfroehle commentedLooking through the history, it seems that this function was added in #365597: logging in from user/login shows "Access denied" after login, which first appeared in Drupal 6.19. Since then there have been two security releases (6.21 & 6.23) in which this feature was present.
I'm very tempted to mark this as won't fix. You've clearly identified the issue and provided an appropriate patch -- although it seems pointless to dispatch to user_login_destination since you've just copied the entire function code below.
Is there a compelling reason to support old, potentially insecure, versions of Drupal core?
Comment #2
bfroehle commentedHmm, according to the usage statistics for Drupal core, something like 22% of all D6 installations use 6.19 or prior.
Comment #3
julioneander commentedI think Drupal's guidelines at .info files are questionable. According to the official documentation at the "core" section of http://drupal.org/node/231036, you cannot specify the minor version number, only the major (6.x).
Most modules that need user_login_destination() probably will have this problem and can't set a minimum Drupal 6 version that is compatible with the module.
As long as the core information at cas.info is 6.x, I think it is important, at least at places that can cause fatal errors, to ensure simple backwards compatibility.
Or just prevent the module from being installed on unsupported Drupal versions.
Regards.
Comment #4
bfroehle commentedHow about the attached patch? I've moved the user_login_destination() code into cas_login_destination(), and replaced all user_login_destination calls with cas_login_destination.
Comment #5
julioneander commentedThe patch looks fine! I applied it here in my Drupal version (6.3) with no issues.
Does it need to be tested in other environments as well? (I'm new to Drupal's community, gotta learn the workflow of the issue statuses...)
Thanks!
Comment #6
bfroehle commentedCommitted in 50008d22377a7912822a763542a7782df673c326.
Thanks for reporting the bug.