Deleting Users & validate role name

(patch bingo)

I can confirm the "user doesn't delete" bug exists. But maybe someone has to look at it a bit more closely. I observe the following:

• go to "admin/user", create a new account (eg "test" with uid = 42);
• if you click on the "user/admin" page on the "edit" link for the "test" user, you go to "user/42/edit&destination=admin%2Fuser";
• if you then click on "Delete", the user is not deleted and one goes back to "user/admin" == BUG;
• however, if you go to "user/42/edit" directly (or by going to "user/42/view" and then click on the "edit" tab), there is no "destination=..." in the url and then the "Delete" button works.

Basically, the code:

  else if ($_POST['op'] == t('Delete')) {
    // Note: we redirect from user/uid/edit to user/uid/delete to make the tabs disappear.
    drupal_goto("user/$account->uid/delete");
  }

does not work when there is already a "destination=..." in the request.
The patch does fix it, but the tabs (edit/view) are shown on the confirmation page. As someone has put a comment about this in the code, I think someone thinks strongy against having these tabs there.

As for the second bug I can confirm this: you can't change a role name to "0", but you can change it to "1". The patch fixes it, but allowed the name of the role to be set to '' (empty string) too.

Rerolled the patch - but someone still has to look at this "drupal_goto()" thingy.

Found that part 1 was fixed in Drupal 4.6 (rev 1.454.2.8) but was not applied to CVS-HEAD.

Rerolled the patch.

i think we finally fixed this. please reopen or mark this as a dupe if there is a patch pending elsewhere on this.