Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Using an external XML-RPC blogging program with a trigger enabled on the site to redirect users on login will fail.
The problem is that in BlogAPI, user_authenticate() is called, which through user_load() will eventually activate the trigger mentioned above, messing up the XML-RPC request.
How to replicate :
1. Turn on the Trigger module
2. Create a 'redirect to url' action.
3. Have the newly created action trigger on user login
4. Use your blogging tool, it will fail.
I would be happy to provide a patch, however, I'm not sure what would be the best place to fix this.
1. In the BlogAPI module. Most likely candidate for a patch. However, putting code to load the user in the module itself is code duplication. Second, any code should prevent calling implementations of the 'user load' hooks (where the trigger gets triggered), but these hooks might provide necessary user information (e.g. contributed modules setting special permissions/roles)
2. In drupal_goto() or system_goto_action(), adding an extra check to see what kind of request was done, possibly needing some extra stuff. This could prevent redirects on special requests like XML-RPC.
Any ideas or suggestions?
Comments
Comment #1
Anonymous (not verified) commentedI was having this problem, and I was baffled by the way my front page would appear in the logs of MarsEdit instead of a proper XMLRPC response.
Would triggers and actions ever have a purpose with XML-RPC calls? (looking at #2) If so, it seems like the right target would be the drupal_goto and drupal_goto_action functions that the triggers rely on.
Comment #2
dpearcefl commentedDoes this issue exist in current D6?
Comment #3
dpearcefl commentedComment #4
ericpai commentedYes, read my post here. http://drupal.org/node/1141356#comment-4835586
Comment #5
multiplextor commentedClosed. The reason: expired version