LDAP Groups: "PHP to filter roles by" broken
| Project: | LDAP integration |
| Version: | 6.x-1.0-beta2 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | needs review |
I would have sworn I had this working in the past, but I can't get it to work now after upgrading to beta2. I'm using postgresql, drupal 6.14, ldap_integration 6.x-1.0-beta2, on debian
Steps to reproduce:
- Install LDAP Group module, create & Configure LDAP Group Server
- Use sample filter given below the field into the PHP to filter roles by
$groups = array_filter($groups, create_function('$a', 'return preg_match(\'/Staff/\', $a);'));
return $groups; - Log in on any LDAP account
Expected Behavior
User logged in, only groups that have "Staff" in their name are used
Seen Behavior after logging in
warning: Invalid argument supplied for foreach() in ..../ldap_integration/ldapgroups.inc on line 53.
Relevant code:
46 // Next, we apply site-specific rules.
47 $groups = _ldapgroups_filter($account, $groups);
48
49 // At this point, the roles are in the full DN format.
50 $roles = array();
51 if (!empty($groups)) {
52 $ldapgroups_mappings = _ldapgroups_ldap_info($account, 'ldapgroups_mappings');
53 foreach ($groups as $group) {When I add var_dump($groups) before line 53, I see that $groups contains a string instead of an array!:
string(138) "$groups = array_filter($groups, create_function('$a', 'return preg_match(\'/cms(Admins|ENGGSITECAPSHORTNAME)/\', $a);'));
return $groups;"I tracked this down to the _ldapgroups_filter() function in ldapgroups.inc:
216 if ($code = _ldapgroups_ldap_info($account, 'ldapgroups_filter_php'))
217 $groups = drupal_eval($code);This seems odd to me -- according to the api for drupal_eval, code passed to drupal_eval should be surrounded in <?php ?> tags -- but the example given for ldapgroups_filter_php isn't in these tags.
Also, if you simply surround the example with <php ?> tags, it still doesn't work, because it assumes the $groups variable is available in the eval context, but the context of the filter is actually the function drupal_eval(), which has no access to the $groups variable.
Like I said, I'm very confused, because I was sure I had the filter working before my recent upgrade to beta2, but in checking out the CVS code, I don't see a change that would have introduced this. Am I missing something obvious?
#1
Thesame problem here.
In the previous version we had no troubles with these filter.
Now we have tesame problem as described above.
#2
pbosmans: Thanks for the confirmation.
Found the source of this bug -- looks like eval() was changed to drupal_eval() in the latest version (beta2).
This took me a bit to find since the _ldapgroups_filter() function moved from being in the ldapgroups.module file to a new file called ldapgroups.inc
If you change line 217 of ldapgroups.inc back to:
$groups = eval($code);the filter should work again. Innocent mistake to assume that drupal_eval() is a drop-in replacement to eval() -- unfortunately, they have quite different behaviors!
#3
I tried to figure out how one might use drupal_eval() instead of eval() in this scenario, but it just doesn't make sense. We need to allow manipulation of the $groups array via user-submitted PHP -- drupal_eval() simply doesn't allow this in any straight-forward manner.
So, here's a patch against HEAD to revert back to using eval().
#4
Do you have to include the "
<?php
?>
If so it should , some help text saying so in the admin form should be part of this patch.
Thanks!
---UPDATE---
I tried it out and it looks like you don't have to,
#5
I've tested this patch and it fixed it for me!