Following a discussion on the dev mailing list:

user_access() believe that unsetting a static will reset it. But it's not the way PHP works (the unset is only temporary to the function call in that case).

Given the strange internal logic of user_access(), this only hurts in the case when $account->uid = 1, or when $account = NULL and the current user is #1, because in these two cases, the function returns before reassigning something to $perm.

CommentFileSizeAuthor
#1 329646-user-module-reset.patch514 bytesdamien tournoud
#1 329646-user-module-reset-d6.patch525 bytesdamien tournoud

Comments

damien tournoud’s picture

damien tournoud commented
Status: Active » Needs review
StatusFileSize
new 329646-user-module-reset-d6.patch525 bytes
new 329646-user-module-reset.patch514 bytes

Here is a patch for this. I'm also working on a test.

Anonymous’s picture

Anonymous (not verified) commented
Priority: Normal » Critical
Status: Needs review » Reviewed & tested by the community

Using unset on a static variable only ``unsets'' the variable from the point of the unset. The values prior to the unset still exist. This patch provides the intended behavior.

drewish’s picture

drewish commented

i found earnie's explanation unclear. the php.net docs for unset() helped me understand the problem:

If a static variable is unset() inside of a function, unset() destroys the variable only in the context of the rest of a function. Following calls will restore the previous value of a variable.

gábor hojtsy’s picture

gábor hojtsy
he/him
Primary language Hungarian
Location Hungary
commented

Agreed that this looks RTBC, awaiting Drupal 7 commit to commit to Drupal 6.

dries’s picture

dries commented
Status: Reviewed & tested by the community » Fixed

Good catch. Ideally, we would have written a test for this though...

Committed to CVS HEAD and DRUPAL-6. Thanks.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.