Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Hi,
To be able to update the $user object from a module, the _user('load') hook must be called AFTER loading the current roles from the database, and not before. It is simply a matter of moving one line a few lines down. Here is the unified patch:
--- drupal-4.5.2-hyper/modules/user.module 2005-04-01 10:16:15.000000000 +0200
+++ drupal-4.5.2/modules/user.module 2005-01-05 21:17:33.000000000 +0100
@@ -69,6 +69,7 @@
if (db_num_rows($result)) {
$user = db_fetch_object($result);
$user = drupal_unpack($user);
+ user_module_invoke('load', $array, $user);
$user->roles = array();
$result = db_query('SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $user->uid);
@@ -79,7 +80,6 @@
else {
$user = new StdClass();
}
- user_module_invoke('load', $array, $user);
return $user;
}
@@ -1191,7 +1191,6 @@
$op = arg(2) ? arg(2) : arg(1);
}
-
switch ($op) {
case t('E-mail new password'):
case 'password':
Comment | File | Size | Author |
---|---|---|---|
#2 | user_load_invoke.patch | 887 bytes | chx |
Comments
Comment #1
Prometheus6 CreditAttribution: Prometheus6 commentedYour statement makes sense but I think the patch has it backward.
It's deleting stuff from the newer file and adding stuff from the older file.
Comment #2
chx CreditAttribution: chx commentedHere is a cvs diff against HEAD. Please note that I have moved the user_invoke after loading the roles but NOT after the if. I think I like this change.
Comment #3
moshe weitzman CreditAttribution: moshe weitzman commentedI like this too. Dries has exopressed concern that modules will misbehave and ruin security by changing roles for a user. This is always possible with hook_block(), hook_menu() or many other places. You simply have to trust the modules that you run on your site. They can do whatever they want.
Comment #4
Dries CreditAttribution: Dries commentedCommitted to HEAD and DRUPAL-4-6.
Comment #5
(not verified) CreditAttribution: commented