content_types/user_profile.inc and content_types/user_picture.inc query $account->access the user object access variable - the timestamp the user last accessed their account. I've changed this for user_access('access user profiles').

On failing they were then calling drupal_not_found() which was causing strange behavior with a full 404 page, followed by another full drupal rendered page with the the rest of the panel.

The includes were, also possibly, cloning set non-object variables or were allowing NULL to be passed into the rest of the function where a user object is assumed.

On failing either test I have just set to return, on scanning other code I don't think there is any panels 'access denied' and 'not found' handling for here. But if there is these return lines should be replaced with it.

Comments

smk-ka’s picture

StatusFileSize
new2.4 KB

I think removing drupal_not_found() and checking for 'access user profiles' permission is right. Removing the $account->access check was wrong, though (profiles are hidden until the first login of a user, except for admins). Re-added that bit.

BTW, where is $block->module = 'term-list'; used? Seems like a copy'n'paste issue that can be found in many content types (alongside with wrong function comments).

summit’s picture

Hi,

Could this issue be related to: http://drupal.org/node/322140?

Greetings,
Martijn

merlinofchaos’s picture

Status: Needs review » Closed (won't fix)

With the release of Drupal 7, Drupal 5 is no longer supported.