If you run dpm($account) within user_access(), after the line

if (!isset($perm[$account->uid])) {

you will see "access content", which is a string.

But a few lines later it's attempting to be passed into a mysql query as $account->roles, which is blank.

Here are the errors:

warning: array_fill() [function.array-fill]: Number of elements must be positive in /public_html/includes/database.inc on line 253.
warning: implode() [function.implode]: Invalid arguments passed in /public_html/includes/database.inc on line 253.
warning: array_keys() expects parameter 1 to be array, null given in /public_html/modules/user/user.module on line 530.
user warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1 query: SELECT p.perm FROM drupal_role r INNER JOIN drupal_permission p ON p.rid = r.rid WHERE r.rid IN () in /public_html/modules/user/user.module on line 530.

Comment: #2
File: user-access-roles-1472268.patch
Size: 580 bytes
Author: tayzlor

Comments

tayzlor’s picture

Version: 7.12 » 8.x-dev
Issue tags: +Needs backport to D7
tayzlor’s picture

Status: new
Size: 580 bytes

Attaching a patch which adds checks to establish if roles are set on the user object and if $account->roles is an array.

tayzlor’s picture

Status: Active » Needs review
BrockBoland’s picture

Status: Needs review » Postponed (maintainer needs more info)

I can't replicate this, and I'm not sure where you're seeing the issues you report. $account->roles isn't being passed into a query without being checked: user_role_permissions() will build an array of roles, if there are any available, and use them in a query, but it does check for values before doing so. Furthermore, line 530 in user.module isn't a query, in 7.12 or 8.x.

Needs clarification or more info from rickmanelius.

BrockBoland’s picture

(I should refresh before I post comments)

tayzlor, have you been able to replicate this?

rickmanelius’s picture

Apologies, I should have created a better scenario to recreate. But regardless of recreating, you can throw a dpm() call in there to see that it's not making it into the query as an array.

tayzlor’s picture

Was not able to reproduce the exact issue described. Weirdness does happen if $account is not a user object (function being called incorrectly, which would not happen in core anyway). Added some defensive coding anyway, but could argue that it is not even necessary.

user_role_permissions already checks if $fetch is set anyway, so we could just close this? Cannot see how the MySQL bug can possibly happen.

Version: 8.0.x-dev » 8.1.x-dev


Version: 8.1.x-dev » 8.2.x-dev


dpi’s picture

Status: Postponed (maintainer needs more info) » Closed (won't fix)

This will no longer happen in D8 since $user->getRoles() is guaranteed to return an array.

The problematic query no longer exists in D7, and it also appears that role is always an array in D7, and it is prepopulated with authenticated or anonymous roles (see \UserController::attachLoad).

See also #777116-47: Empty $account->roles causes a sql error in user_access
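
The failure discussed in this thread (an empty or non-array roles value reaching the placeholder builder and producing "IN ()") can be guarded as in the following added example, which is not part of the thread or of Drupal core. The function name build_role_perm_query() and the sample accounts are hypothetical; the table names are taken from the query in the error output, and '%d' is assumed as the integer placeholder style.

```php
<?php
// Added example: hypothetical helper, not Drupal core code. Table names come
// from the reported query; '%d' is an assumed integer placeholder style.

/**
 * Returns array($sql, $args) for the role-permission lookup, or NULL when
 * the account carries no usable role IDs, so "IN ()" is never emitted.
 */
function build_role_perm_query($account) {
  // A permission string or other non-object in the $account position,
  // or a missing/non-array roles property, yields no query at all.
  if (!is_object($account) || !isset($account->roles) || !is_array($account->roles)) {
    return NULL;
  }
  // Role IDs are the array keys; keep only positive integers.
  $rids = array();
  foreach (array_keys($account->roles) as $rid) {
    if (is_int($rid) && $rid > 0) {
      $rids[] = $rid;
    }
  }
  if (count($rids) === 0) {
    return NULL;
  }
  // One placeholder per role ID; the IDs travel as bound arguments.
  $placeholders = implode(',', array_fill(0, count($rids), '%d'));
  $sql = 'SELECT p.perm FROM drupal_role r'
    . ' INNER JOIN drupal_permission p ON p.rid = r.rid'
    . ' WHERE r.rid IN (' . $placeholders . ')';
  return array($sql, $rids);
}

// Constructed sample inputs.
$valid = new stdClass();
$valid->uid = 1;
$valid->roles = array(2 => 'authenticated user', 3 => 'editor');
$empty = new stdClass();
$empty->uid = 5;
$empty->roles = array();
$cases = array(
  'valid account' => $valid,
  'empty roles' => $empty,
  'string instead of account' => 'access content',
);
foreach ($cases as $label => $account) {
  $q = build_role_perm_query($account);
  $out = ($q === NULL) ? 'no query built, treat as no permissions' : $q[0] . ' [' . implode(',', $q[1]) . ']';
  echo $label, ': ', $out, "\n";
}
```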