| Project: | Drupal core |
| Version: | 6.12 |
| Component: | base system |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed (duplicate) |
Issue Summary
The patch resulting from bug #292565 broke functionality that existed in D6.11 and earlier.
In D6.11 and earlier, when a custom access denied page was set under admin/settings/error-reporting, the resulting access denied would correctly forward you to the page you were trying to access (destination). In D6.12, the user is forwarded to the access denied page even after logging in successfully.
To reproduce:
1. Create a new page, noting the path (i.e. node/1).
2. Under Administer -> Site Configuration -> Error Reporting, add the path to the Default 403 page.
3. Log out.
4. Try to access /admin
5. Log in.
Once you log in, you are redirected to the access denied page, which is counterintuitive and confusing for users. Without a custom error page, the expected behavior occurs (the user is redirected to the destination page, /admin).
Related post: http://drupal.org/node/292565
Since drupal_access_denied() isn't checking for (and setting) $_REQUEST['destination'] it's never set correctly and the login form doesn't know where to go.
Comments
#1
I'm getting this too.
Patch attached.
edit: this was fixed on a Drupal 6.12 site, but should probably be disregarded seeing how much it has been discussed and committed already over at #292565: Regression: Can't set /user to 403 page (was: login destination is broken). Use it if you wish, however... it fixes the issue for me.
#2
Duplicate of #292565: Regression: Can't set /user to 403 page (was: login destination is broken)