There are things in our anon flagging support that look suspicious. Here's a quick list of things that require further investigation.

Comments

mooffie’s picture

mooffie commented

$flag->theme():

- The variable $js_action isn't used.
- It seems we don't force the output to be the "Flag this!" link. See #996710: Anon flagging: Output of "flag this!" links only isn't enforced

mooffie’s picture

mooffie commented

$flag->_unflag():

- "$_COOKIE['flag']" is a typo.
- What's the purpose of these two lines? It should be documented (e.g., why it's not in _unflag_anonymous() instead).

See #1000128: Anon flagging: delete dead code

mooffie’s picture

mooffie commented

$this->_flag_anonymous() etc.:

I guess the lines "$_COOKIE['flags'] = $cookie_flags" and "$_COOKIE[$cookie_key] = 1" have some purpose. It should be documented.

This isn't important, now that our code isn't messy.

mooffie’s picture

mooffie commented

D7:

We use CACHE_DISABLED which doesn't seem to exist. (Maybe some of the other cache-related variables we use have changed in D7 as well.)

See #1001076: Anon flagging: CACHE_DISABLED gone in D7

mooffie’s picture

mooffie commented

Views:

        'value' => '***CURRENT_USER***',
        'numeric' => TRUE,
      );
      $join->extra[] = array(
        'field' => 'sid',
        'value' => flag_get_sid(),

We should use ***FLAG_SID*** instead of flag_get_sid() to make the query cacheable.

See #1003232: Use query substitution for the SID

mooffie’s picture

mooffie commented

D7: $flag->theme():

Why does the second drupal_add_js() call uses 'scope' but the first doesn't?

See #1005040: Fix parameters to drupal_add_js()

mooffie’s picture

mooffie commented

We have:

function flag_user($op, &$edit, &$account, $category = NULL) {
  switch ($op) {
    case 'login':
      // Migrate anonymous flags to this user's account.
      if (module_exists('session_api') && ($sid = flag_get_sid(0))) {

Should it be "flag_get_sid(0)" or "flag_get_sid()"?

(Yeah, it seems "flag_get_sid(0)" is correct (although I remember the author of Session API saying the SID is now preserved between logins). Whatever, it won't hurt to double check this part. MySQL does emit warning.)

mooffie’s picture

mooffie commented

We say, "Warning: Adding this relationship for any flag that contains anonymous flagging access will disable page caching for anonymous users when this view is executed. [...]"
But this is only true when [...]

See #1006526: Anon flagging: clarify Views warning

joachim’s picture

joachim commented
Title: Anon flagging: things to check » [meta] Anon flagging: things to check
Status: Active » Fixed

> Should it be "flag_get_sid(0)" or "flag_get_sid()"?

There's an issue for that, which is horrendously convoluted and where everyone disagrees :(

Closing this as it seems like a meta-issue and everything else has been crossed off.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.