Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
If the current variable is empty, then it takes the path from the $_GET['q'], which is not good.
It should check before, that the $_GET['current'] exists or not, and if so it should be set as current instead.
If we dont do it this way, the checks will be incorrect.
Comment | File | Size | Author |
---|---|---|---|
#7 | always_consider_current_param-2231269-7.patch | 423 bytes | joshf |
#1 | issue-2231269-1.patch | 495 bytes | mr.york |
Comments
Comment #1
mr.york CreditAttribution: mr.york commentedAttached the patch.
Comment #2
mithy CreditAttribution: mithy commentedI wonder whether current can be set but NULL under normal operation. By no means this is critical.
Comment #3
mpdonadio@mithy, I think this is a real bug.
Consider setting the destination based on the page you are on, but coming to the login form from a menu link:
1. Place 'user/login' in a menu.
2. Create a destination rule. Set the destination to be an arbitrary place, and set the path to match against to be somewhere else
3. Browser to the path you set above on the site and click this menu entry
4. You should be redirected to user/menu?current=somewhere
5. Login, and you should not goto the somewhere path you defined above. _login_destination_match_rule() will move on to the next rule().
login_destination_translated_menu_link_alter() tacks current= to the query options to the $item['user/login'], but login_destination_get_destination() does not check this.
Personally, I think this is better
which also addresses the concern about current being NULL under normal operations. This fixes the scenarios I describe.
Comment #4
awolfey CreditAttribution: awolfey commentedThis is a needed fix and the patch works.
Comment #5
DrCord CreditAttribution: DrCord commentedThis patch worked for us as well.
Comment #6
DrupalGideonI don't know why you didn't just use the ternary operator to save on a few lines of code :) And wouldn't the line above be better as
if ($current === NULL) {
(The argument about whether this way is quicker than is_null() rages on elsewhere so I'm not commenting on that!)
But if this patch has been reviewed and works, then status should be set to RTBC, so a new release can be done. Which would be awesome!
Comment #7
joshf CreditAttribution: joshf commentedThis may be better categorized as a feature request. Either way, I needed the functionality. I used the existing _login_destination_get_current() function instead of duplicating the functionality. Now it works consistently across both login and logout triggers.
Comment #8
ddrozdik CreditAttribution: ddrozdik as a volunteer commentedPatch #7 reviewed and tested. Could be applied.
Comment #10
ddrozdik CreditAttribution: ddrozdik as a volunteer commented