Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.In hook_user(), bakery assumes that on an update op, the current user is the user being updated. This is not necessarily the case, and bakery should not mess with the current user's bakery session unless it is the case. I will include a patch which simply bypasses the functions when the current user and updated user are different, but this should be refactored to allow for the possibility without bypassing the update altogether.
| Comment | File | Size | Author |
|---|---|---|---|
| #4 | bakery-clean_user_update-1691654-4.patch | 2.46 KB | glennpratt |
| #2 | bakery-clean_user_update-1691654-2.patch | 2.21 KB | glennpratt |
| #1 | bakery-clean_user_update-1691654-1.patch | 1.41 KB | pdrake |
Comments
Comment #1
pdrake CreditAttribution: pdrake commentedComment #2
glennpratt CreditAttribution: glennpratt commentedSo, one reason this fix is needed is if you have code, perhaps Feeds or Services that ends up calling many user_save's in one process.
Comment #3
glennpratt CreditAttribution: glennpratt commentedI forgot to mention, another problem I had was that the Bakery cookie doesn't seem to get replaced when you update your own user account, so when you go to a slave site after changing your email address, you have a broken cookie with a link to repair which will try to set your email address to your old email address from the stale cookie.
Comment #4
glennpratt CreditAttribution: glennpratt commentedWhoops, bumping up patches fuzz to make a patch apply and not carefully checking the results is a bad idea!