Following a discussion on the dev mailing list:

user_access() believes that unsetting a static will reset it. But it's not the way PHP works (the unset is only temporary to the function call in that case).

Given the strange internal logic of user_access(), this only hurts in the case when $account->uid = 1, or when $account = NULL and the current user is #1, because in these two cases, the function returns before reassigning something to $perm.


Comments

Damien Tournoud

Status: Active » Needs review

Here is a patch for this. I'm also working on a test.

Anonymous

Priority: Normal » Critical
Status: Needs review » Reviewed & tested by the community

Using unset on a static variable only "unsets" the variable from the point of the unset. The values prior to the unset still exist. This patch provides the intended behavior.

drewish

I found earnie's explanation unclear. The php.net docs for unset() helped me understand the problem:

If a static variable is unset() inside of a function, unset() destroys the variable only in the context of the rest of a function. Following calls will restore the previous value of a variable.
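
The behaviour quoted from the php.net documentation, as an added example that is not part of the original issue or the attached patch: two simplified permission caches, one reset with unset() and one reset by assignment, queried before and after a permission is revoked. The function names, the `$store` array and the assignment-based reset are assumptions made for illustration; this is not Drupal's user_access() code.

```php
<?php
// Added illustration; lookup_perms(), access_unset(), access_assign() and
// $store are hypothetical names, not Drupal code.
// Constructed permission store: uid => list of permission strings.
$store = array(2 => array('administer nodes'));

function lookup_perms($uid) {
  global $store;
  return isset($store[$uid]) ? $store[$uid] : array();
}

// Reset via unset(): only the local binding to the static is dropped.
function access_unset($string, $uid, $reset = FALSE) {
  static $perm = array();
  if ($reset) {
    unset($perm);
  }
  if (!isset($perm[$uid])) {
    // After unset() this writes to a fresh local array, not the static.
    $perm[$uid] = array_flip(lookup_perms($uid));
  }
  return isset($perm[$uid][$string]);
}

// Reset via assignment (assumed corrected form): the static itself is emptied.
function access_assign($string, $uid, $reset = FALSE) {
  static $perm = array();
  if ($reset) {
    $perm = array();
  }
  if (!isset($perm[$uid])) {
    $perm[$uid] = array_flip(lookup_perms($uid));
  }
  return isset($perm[$uid][$string]);
}

// 1. Prime both caches while uid 2 still holds the permission.
var_dump(access_unset('administer nodes', 2), access_assign('administer nodes', 2));

// 2. Revoke the permission, then ask each function for a cache reset.
$store[2] = array();
var_dump(access_unset('administer nodes', 2, TRUE), access_assign('administer nodes', 2, TRUE));

// 3. Later calls without reset: compare what each cache now answers.
var_dump(access_unset('administer nodes', 2), access_assign('administer nodes', 2));
```

In step 3 the unset() variant still answers TRUE from the restored static value, while the assignment variant answers FALSE.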

Gábor Hojtsy

Agreed that this looks RTBC, awaiting Drupal 7 commit to commit to Drupal 6.

Dries

Status: Reviewed & tested by the community » Fixed

Good catch. Ideally, we would have written a test for this though...

Committed to CVS HEAD and DRUPAL-6. Thanks.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.