Say a user is logged out, but when logged in their uid would be 500. If they visit og/manage/500 (which would be their subscription management page if they were logged in), then they get an sql error.

What should happen is that they get an access denied error, but the path 'og/manage/500' isn't created unless they are logged in, so they are getting the default 'og' path. This calls og_list_groups_page with args $uid = 'manage' and $format = 500, which causes errors.

The reason that this is a problem is that notification emails have a link to that url, and a user being notified by email is not always going to be logged in. So when they click on the handy link in their email that says 'manage your subscription', they are taken to a scary page accusing them of committing sql errors.

I've attached a patch to fix this, which will give them an 'Access Denied' error so they know to log in.

Attached file: og-manage.patch (1.76 KB), author: wrunt

Comments

ngstigator

Thanks Alex. You saved me some code-diving and more importantly, time! Cheers.

moshe weitzman

Status: Needs review » Needs work

This patch doesn't look like what you described (manage page).

wrunt

The patch doesn't actually change the manage page, it just stops the user from seeing sql errors and serves them up a drupal_not_found() page instead.

m3avrck

I have a similar problem with logged out users as well.

When they visit "og/users/881" they see this error:

Warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1 query: pager_query SELECT COUNT(*) FROM og og INNER JOIN node n ON og.nid = n.nid INNER JOIN node_revisions r ON r.vid = n.vid INNER JOIN users u ON n.uid = u.uid INNER JOIN og_uid ou ON ou.uid = u.uid INNER JOIN node_access na ON na.nid = og.nid WHERE (na.grant_view >= 1 AND ((na.gid = 0 AND na.realm = 'all') OR (na.gid = 0 AND na.realm = 'og_public') OR (na.gid = 0 AND na.realm = 'og_all'))) AND og.nid IN () in includes/database.mysql.inc on line 121

Warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') ORDER BY og.nid DESC LIMIT 0, 50' at line 1 query: pager_query SELECT DISTINCT(og.nid), n.title, r.body, n.uid, u.name, og.description FROM og og INNER JOIN node n ON og.nid = n.nid INNER JOIN node_revisions r ON r.vid = n.vid INNER JOIN users u ON n.uid = u.uid INNER JOIN og_uid ou ON ou.uid = u.uid INNER JOIN node_access na ON na.nid = og.nid WHERE (na.grant_view >= 1 AND ((na.gid = 0 AND na.realm = 'all') OR (na.gid = 0 AND na.realm = 'og_public') OR (na.gid = 0 AND na.realm = 'og_all'))) AND og.nid IN () ORDER BY og.nid DESC LIMIT 0, 50 in includes/database.mysql.inc on line 121

I'm going to try this patch and see if it works.

m3avrck

Hmm, patch fixes the SQL errors but it redirects them to just "/og".

This is incorrect. It should show them "access denied"

Hmm...

moshe weitzman

Status: Needs work » Fixed

Fixed in a different manner. I hope to rework the og_menu() one day.

Anonymous

Status: Fixed » Closed (fixed)
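
The fall-through described in the first post, and the empty `IN ()` in the warnings quoted in the thread, sketched as an added example that is not part of the thread and is not Organic Groups code. It is a toy longest-prefix menu in plain PHP; every function name and the sample membership data are hypothetical, and it does not reproduce the fix that was actually committed.

```php
<?php
// Added illustration, not Organic Groups code; every name below is hypothetical.
const GROUPS_BY_UID = [500 => [12, 34]];  // constructed sample data: uid => group nids

// $always_register = false mirrors the report: 'og/manage' exists only when logged in.
function build_menu(bool $logged_in, bool $always_register): array {
  $menu = ['og' => ['callback' => 'list_groups_page', 'access' => true]];
  if ($logged_in || $always_register) {
    $menu['og/manage'] = ['callback' => 'manage_page', 'access' => $logged_in];
  }
  return $menu;
}

// Longest-prefix dispatch: the deepest registered path wins and the
// leftover path segments are passed to its callback as arguments.
function dispatch(array $menu, string $path): string {
  $parts = explode('/', trim($path, '/'));
  for ($n = count($parts); $n > 0; $n--) {
    $item = $menu[implode('/', array_slice($parts, 0, $n))] ?? null;
    if ($item === null) {
      continue;
    }
    if (!$item['access']) {
      return '403 access denied';  // path is known, visitor is not allowed
    }
    return $item['callback'](...array_slice($parts, $n));
  }
  return '404 not found';
}

function manage_page($uid = null): string {
  return "200 manage subscriptions for uid $uid";
}

// Second line of defence: validate arguments and never emit "IN ()".
function list_groups_page($uid = null, $format = null): string {
  if ($uid !== null && !ctype_digit((string) $uid)) {
    return '404 not found';  // e.g. $uid = 'manage' after the fall-through
  }
  $nids = GROUPS_BY_UID[(int) $uid] ?? [];
  if (!$nids) {
    return '200 no groups to list';  // skip the query instead of sending an empty list
  }
  $in = implode(',', array_fill(0, count($nids), '%d'));  // one placeholder per id
  return "200 SELECT ... WHERE og.nid IN ($in)";
}

// Anonymous visitor following the e-mail link, before and after always registering the path:
echo dispatch(build_menu(false, false), 'og/manage/500'), "\n";
echo dispatch(build_menu(false, true), 'og/manage/500'), "\n";
```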