I've managed to kill PHP on my server when taxonomy_access.module "forgot" one of it's access checkboxes I'd set.

If you have NOT checked the "uncategorised nodes" view permission for anonymous users you will experience the following problem:-

Server 500 error, caused by:
drupal trying to access your home page node, but taxonomy_access.module not letting the anonymous user vioew it, and instead returning a 404 error.
Drupal then trys to display the 404 error node defined in the admin->settings page.
taxonomy_access module wont let Drupal show this uncategorized 404 error node, so trys to show the 404 error node.

You get the idea, a loop which eventually causes PHP to sement fault and thus killing the server with a 500 error.

My solution to this is to prevent taxonomy_access for doing anything if the page is the 404 or 403 error nodes, as defined in admin->settings

I've not got a code patch for this though - as taxonomy_Access.module feels like an out of control mess at the moment with so many patches doing the rounds.

Comments

keve’s picture

It is not only a problem with Taxonomy_access, i could regenerate it with "node privacy by role" module.
Because both modules sets access permission in table "node_access", then the drupal core handles if the node can be accessed by user or not.

Maybe this should be a stability issue for drupal core, to check if user has view access right for the 403 error page.

I cannot solve this in taxonomy_access module only, because the same problem would remain, if i set the 403 error page to a node (after adding/editing this node) , which does not have "grant_view" property in the node_access table for all users. This should be checked also by drupal core, when accessing or setting the 403 error page.

I will try to check it with other developers.

keve’s picture

Status: Active » Closed (fixed)

This is fixed in core w/ 4.7.
drupal_access_denied()