The condition on line 26 in nodeaccess_password.403.inc fails if the node is visited via its aliased URL instead of its "node/nid" URL. That doesn't seem like intended behaviour.

I suggest adding something like this just before the condition:

if (arg(0, $path) != 'node' || !is_numeric(arg(1, $path))) {
  $path = drupal_lookup_path('source', $path);
}

Also, I believe some servers may have a base_path of just "/" (my localhost server does), in which case line 22's $full_path = str_replace($base_path, '', $request_uri); strips all slashes from the path. Would $full_path = preg_replace("#$base_path#", '', $request_uri, 1); work better there?

Comments

danielb’s picture

danielb commented

That is odd that request_uri() is used there instead of $_GET['q'], I wonder why that is

morbiD’s picture

morbiD commented

For some reason, the path doesn't seem to be available to that function through the usual mechanisms.

$_GET['q'] and arg(0) just return "nodeaccess_password_403" which I assume is why request_uri() is used instead.

Edit: I see how it works. When access is denied, the user is referred to /nodeaccess_password_403, so $_GET['q'] and arg(0) are returning the correct value. That means request_uri() has to be used to retrieve the path which caused the 403.

danielb’s picture

danielb commented
Status: Active » Fixed

awesome thanks, I've committed both your suggestions

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Anonymous’s picture

(not verified) commented
Issue summary: View changes

Clarification.