I've managed to kill PHP on my server when taxonomy_access.module "forgot" one of it's access checkboxes I'd set.
If you have NOT checked the "uncategorised nodes" view permission for anonymous users you will experience the following problem:-
Server 500 error, caused by:
drupal trying to access your home page node, but taxonomy_access.module not letting the anonymous user vioew it, and instead returning a 404 error.
Drupal then trys to display the 404 error node defined in the admin->settings page.
taxonomy_access module wont let Drupal show this uncategorized 404 error node, so trys to show the 404 error node.
You get the idea, a loop which eventually causes PHP to sement fault and thus killing the server with a 500 error.
My solution to this is to prevent taxonomy_access for doing anything if the page is the 404 or 403 error nodes, as defined in admin->settings
I've not got a code patch for this though - as taxonomy_Access.module feels like an out of control mess at the moment with so many patches doing the rounds.
Comments
Comment #1
keve commentedIt is not only a problem with Taxonomy_access, i could regenerate it with "node privacy by role" module.
Because both modules sets access permission in table "node_access", then the drupal core handles if the node can be accessed by user or not.
Maybe this should be a stability issue for drupal core, to check if user has view access right for the 403 error page.
I cannot solve this in taxonomy_access module only, because the same problem would remain, if i set the 403 error page to a node (after adding/editing this node) , which does not have "grant_view" property in the node_access table for all users. This should be checked also by drupal core, when accessing or setting the 403 error page.
I will try to check it with other developers.
Comment #2
keve commentedThis is fixed in core w/ 4.7.
drupal_access_denied()