Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
This new bit of code in webform.module:
// Check if the user is allowed to submit based on role. This check is
// repeated here to ensure the user is still logged in at the time of
// submission, otherwise a stale form in another window may be allowed.
$allowed_role = TRUE;
if (variable_get('webform_submission_access_control', 1) && !$finished) {
$allowed_roles = array();
foreach ($node->webform['roles'] as $rid) {
$allowed_roles[$rid] = isset($user->roles[$rid]) ? TRUE : FALSE;
}
if (array_search(TRUE, $allowed_roles) === FALSE) {
$allowed_role = FALSE;
}
}
... fails to make the global $user variable available before using it.
It's a regression from #1680952: Submission role access isn't re-checked when validating a form.
Patch to follow.
Comment | File | Size | Author |
---|---|---|---|
#1 | webform-2023439-1.patch | 467 bytes | pjcdawkins |
Comments
Comment #1
pjcdawkins CreditAttribution: pjcdawkins commentedComment #2
quicksketchWell, son of a gun. Thanks @pjcdawkins. I'll make a new release shortly.
Comment #3
quicksketchI hate it when this happens, but that's what I get for not running the tests again before a release. I made alpha8 and it's now available for download.