Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Following a discussion on the dev mailing list:
user_access() believe that unsetting a static will reset it. But it's not the way PHP works (the unset is only temporary to the function call in that case).
Given the strange internal logic of user_access(), this only hurts in the case when $account->uid = 1, or when $account = NULL and the current user is #1, because in these two cases, the function returns before reassigning something to $perm.
Comment | File | Size | Author |
---|---|---|---|
#1 | 329646-user-module-reset.patch | 514 bytes | Damien Tournoud |
#1 | 329646-user-module-reset-d6.patch | 525 bytes | Damien Tournoud |
Comments
Comment #1
Damien Tournoud CreditAttribution: Damien Tournoud commentedHere is a patch for this. I'm also working on a test.
Comment #2
Anonymous (not verified) CreditAttribution: Anonymous commentedUsing unset on a static variable only ``unsets'' the variable from the point of the unset. The values prior to the unset still exist. This patch provides the intended behavior.
Comment #3
drewish CreditAttribution: drewish commentedi found earnie's explanation unclear. the php.net docs for unset() helped me understand the problem:
Comment #4
Gábor HojtsyAgreed that this looks RTBC, awaiting Drupal 7 commit to commit to Drupal 6.
Comment #5
Dries CreditAttribution: Dries commentedGood catch. Ideally, we would have written a test for this though...
Committed to CVS HEAD and DRUPAL-6. Thanks.