Permission names (for homebox names containing special chars)

No problem!

I close this issue, feel free to reopen if something goes wrong with Homebox.

Jérémy

As per #540016: system_update_6034() will fail if permission have single quote, please fix the home box module

I just updated code, to use cleaner permission names in 6.x-dev which will be available soon.

Note that you must re-check homebox permissions after the upgrade process, otherwise every homebox pages will return an access denied error.

Please test this new version before I can release it as stable, and hopefully make an non beta release.

Thank you for your feedbacks!
Jérémy

Checked the code... I believe you need a regex that allows only A-Za-z0-9

$filter = '![^abcdefghijklmnopqrstuvwxyz0-9-_]+!s';
$string_clean = preg_replace($filter, '-', drupal_strtolower($page->name));

Aside - this looks wrong...

if (is_numeric($pid) && !is_null($pid) && $page_name = _homebox_get_profile_safe_name($pid)) {

and need to be $page_safe_name

Ok thank you hass, I've just committed your advices : http://cvs.drupal.org/viewvc.py/drupal/contributions/modules/homebox/hom...

Hope it's good this time!
Jérémy

Only as a question... your module knows the "bad" permission names... why are you not running an update hook and replace the old broken permissions with the new?

Example (needs work for permission names):

/**
 * Update the permissions table, to fix invalid permission names having non-English characters.
 */
function homebox_update_600x() {
  $ret = array();

  $res = db_query('SELECT rid, perm FROM {permission}');
  $perms = array();
  while ($p = db_fetch_object($res)) {
    $perm = $p->perm;
    $perm = preg_replace('/access replace me foo/', 'access with save_permission_name foo', $perm);
    $perm = preg_replace('/access replace me bar/', 'access with save_permission_name bar', $perm);
    $perms[$p->rid] = $perm;
  }

  foreach ($perms as $rid => $permission) {
    // Use db_query as update_sql() could fail if single quotes are in a permission string.
    db_query("UPDATE {permission} SET perm = '%s' WHERE rid = %d", $permission, $rid);
    $ret[] = array('success' => TRUE, 'query' => 'UPDATE {permission} SET perm = ' . check_plain($permission) . ' WHERE rid = '. $rid);
  }

  return $ret;
}

@slybud: You need to test this... I cannot...

Ok, I have done that: http://drupal.org/cvs?commit=252434

Hopes it's good now!

Jérémy

Why are you not removing homebox_update_6004()? :-)

Aside - you must load the module in D6 times if homebox_pages() function does not exists in the .install file and only in the .module file... otherwise the function may be undefined...

function homebox_update_6005() {
  $ret = array();

  // homebox_pages() function is required. Make sure the module is loaded.
  drupal_load('module', 'homebox');

...

I did not removed update 6004 because if some people have updated to dev version before putting this release live, they wouldn't have the update permission names executed. I do undestand that this could be a really few people, but it can save them sometime.

I added the drupal_load call, but during my testing, I did not encountered any problem without it, anyway that sounds logical.

http://drupal.org/cvs?commit=252492

Thanks,
Jérémy

But now you have added 6005 that fixes all 604 issues automatically and 6004 is therefore only confusing all who will download the next dev... that's what I mean...

Can I completely remove homebox_update_6004() function? 6005 will be called anyway?

Yes!

Ok, great!

http://drupal.org/cvs?commit=252502

The reason for the drupal_load is the upgrade path... Since D6 - modules can be upgraded if they are nevertheless disabled... if the module is disabled and a newer software version is on the webserver having newer hook_update_N's the update hooks are executed by update.php with the module disabled and this would give an undefined function error if drupal_load() is not used in the .install file.

I cannot find the doc page(s) about that...

Good to know that!

Thank you!