Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.I'd like to thank the effort of making this module available for D7 first.
The following code in the module makes role names with non-ASCII character to be stripped off, entirely in some cases.
$perm .= preg_replace('/[^a-zA-Z0-9]/', '', $role_name);
The regular expression totally replaces Chinese/Japanese characters with nothing, for example. The role name ended up with an empty string, and making the module unfunctional.
A quick patch is not to replace any character, but use the role name as is. I don't know why the role name can be used as is...
I noticed some other minor I18N related issues (I don't know they warrant a bug report by themselves).
- The module is somehow reported to have a non UTF-8 character. I found N+~ character (used in Spanish, I guess), which is not saved as UTF-8.
- The permission screen cannot be translated due to lack of t() function. E.g. 'Edit users with no custom roles'
| Comment | File | Size | Author |
|---|---|---|---|
| #5 | administerusersbyrole-transliterate-5.patch | 835 bytes | Niremizov |
| #3 | administerusersbyrole-transliterate-0.patch | 825 bytes | smokris |
Comments
Comment #1
v1adimir CreditAttribution: v1adimir commentedit may be dangerous just removing
$perm .= preg_replace('/[^a-zA-Z0-9]/', '', $role_name);We can use transliteration module API to generate latin name for hook_permission()
Comment #2
NobuT CreditAttribution: NobuT commentedJust curious, why is it dangerous? Is there any possibility of injecting JavaScript or something to the role name? The regular expression also prohibit the use of some letters with acute or umlaut. I just wonder what was the intention of the regular expression...
Comment #3
smokrisIt's dangerous because some characters are not allowed in permissions strings, and invalid characters can result in database corruption.
I added the
preg_replacecall to address #709068: Square brackets [] in role name. There are a bunch of characters that aren't permitted to be used in permissions strings, but *which* characters aren't permitted unfortunately doesn't seem to be documented anywhere. In addition to square brackets mentioned in that issue, this comment says that commas are invalid.That sounds like a reasonable solution. If transliteration.module is installed, we should transliterate to Latin, then apply the existing
preg_replace. Patch attached.Comment #4
NobuT CreditAttribution: NobuT commentedThank you, Steve. I didn't know there are characters that aren't permitted in permission strings, while they are accepted as a role name. Very interesting.
Comment #5
Niremizov CreditAttribution: Niremizov commentedThx for the patch @smokris. I have applied it, but unfortunatelly it does not work as desired. For some reason you have transliterated $perm not $role_name variable. So I rerolled your patch, see below.
Comment #6
AdamPS CreditAttribution: AdamPS commentedI intend to fix this as part of #2378869: Meta-issue for Beta 2 release. Please sign up as a follower of that issue and there will shortly be a patch that I would like feedback on.
The fix is to use role ID rather than role name to build the permission. We still use the name for the title that is visible to users.
Thanks for the patch, but I think role ID approach is better and also fixes several related issues, e.g. renaming roles.
Comment #7
AdamPS CreditAttribution: AdamPS commentedComment #8
AdamPS CreditAttribution: AdamPS commented