Install tokenauth, but don't give permissions to use it. Attempt to use tokenauth to view a page (in my case, a node page). Result is a PHP memory limit error and WSOD.

Comments

Grayside’s picture

Status: Active » Fixed

Per the API directive ,

Page callback functions wanting to report an "access denied" message should return MENU_ACCESS_DENIED

In this situation we are not trying to deny access in a page callback, but in the middle of the page's menu item loading pipeline. At that point, it seems necessary to use drupal_access_denied(). Unfortunately, if you follow-up how that function works, you find drupal_deliver_page() called without an argument specified for the second parameter, which results in menu_get_item() being run for the same page, again. Sadly, this creates a recursion.

Rather than use a crude hack (e.g., static variable to detect if tokenauth logic was previously checked), I am dropping drupal_access_denied(), and instead manipulating the menu item. After all, the point of hook_menu_get_item_alter() is allow real-time transformation of the menu router information, which includes the access callback--or setting access explicitly to TRUE or FALSE.

http://drupalcode.org/project/tokenauth.git/commit/1b2dd36

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.