Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
user_access() function returns a string not a boolean.
This caused memory consumption problems for us due to a bug elsewhere in our code.
i.e.
return strstr($perm[$account->uid], "$string, ");
should probably be
if ( strstr($perm[$account->uid], "$string, "))
{
return true;
} else
{
return false;
}
Comment | File | Size | Author |
---|---|---|---|
#11 | user_access.returnbooleans_2.diff | 884 bytes | deekayen |
#10 | user_access.returnbooleans_1.diff | 763 bytes | deekayen |
#2 | user_access.returnbooleans_0.diff | 1.59 KB | deekayen |
#1 | user_access.returnbooleans.diff | 1.28 KB | deekayen |
Comments
Comment #1
deekayen CreditAttribution: deekayen commentedAttached patch has a spelling correction and makes user_access() return only booleans. Diff'ed against HEAD.
Comment #2
deekayen CreditAttribution: deekayen commentedIt bothered me to have a string search instead of an array search for permissions. This patch does what the previous patch does, but it uses in_array() on the static $perm instead of strstr() on a string.
Comment #3
deekayen CreditAttribution: deekayen commentedComment #4
killes@www.drop.org CreditAttribution: killes@www.drop.org commentedCan you please provide a benchmark test of the strstr approach vs the in_array one? I am concerned that it might be slower. user_access gets called quite often.
Comment #5
deekayen CreditAttribution: deekayen commentedThat's a fair request. The output of the following code on my WinXP, PHP5.1-dev, 2.133 Ghz Athlon is:
0.29749894142151
0.29712684249878
1.0804200172424
0.56814384460449
0.10924220085144
0.12113380432129
0.13284420967102
Comment #6
deekayen CreditAttribution: deekayen commentedActually, there's a bug in the benchmark code that causes $result to not populate. Switch the following:
to
Then the string search is more like 8.1727991104126 seconds verses like 0.46953892707825 for the array search, an even bigger difference.
Comment #7
Dries CreditAttribution: Dries commentedCommitted to HEAD.
Comment #8
killes@www.drop.org CreditAttribution: killes@www.drop.org commentedPlease revert this patch, it isn't working at all. Drupal HEad is non-workign for all users which aren't No. 1.
Comment #9
moshe weitzman CreditAttribution: moshe weitzman commentedyeah - this breaks HEAD completely. here is a possible fix, if we still want to use in_array() for checking. this is in user_access() where we build the permission array:
Comment #10
deekayen CreditAttribution: deekayen commentedI haven't found a case where trim() would be necessary if you explode on ', ' (with the space). I made a patch so things are hopefully less broken. I'm working on the benchmark people keep asking me for in #drupal.
Comment #11
deekayen CreditAttribution: deekayen commentedin_array() was faster, but explode() is slow, so this reverts back to strstr. I hope I can blame my newbieness to Drupal internals on this, but I should have looked to see how permissions were stored before just assuming each loop through db_fetch_object was a separate permission instead of a string of permissions.
Comment #12
moshe weitzman CreditAttribution: moshe weitzman commentedand the fact that you obviously did not test your patch with any user beside uid=1. considering that the code branch you changed doesn't even apply to uid=1, i'd say that this was pretty reckless.
other than that, welcome to the project. we look forward to your future patches ...
Comment #13
killes@www.drop.org CreditAttribution: killes@www.drop.org commentedthe original issue was fixed in core.
Comment #14
(not verified) CreditAttribution: commentedComment #15
(not verified) CreditAttribution: commentedComment #16
(not verified) CreditAttribution: commentedComment #17
(not verified) CreditAttribution: commentedComment #18
(not verified) CreditAttribution: commented