function user_login_name_validate($form, &$form_state) {
if (isset($form_state['values']['name']) && user_is_blocked($form_state['values']['name'])) {
but in user_login_authenticate_validate():
if (!empty($form_state['values']['name']) && !empty($password)) {
and user_authenticate(), which gets given that value uses empty() too:
function user_authenticate($name, $password) {
$uid = FALSE;
if (!empty($name) && !empty($password)) {
This creates an inconsistency which makes it difficult for custom/contrib modules to do form alteration around user login (eg http://drupal.org/project/email_registration).
On D7, there is also user_account_form_validate() which uses !empty().
Comment | File | Size | Author |
---|---|---|---|
#5 | use-empty-1996644-5.patch | 748 bytes | apkwilson |
#1 | use_empty-1996644.patch | 793 bytes | abghosh82 |
Comments
Comment #1
abghosh82 CreditAttribution: abghosh82 commentedI agree using !empty as it covers isset as well as existence of a variable.
Submiting a patch, see if this is what you have meant.
Comment #2
fjd CreditAttribution: fjd commentedPatch applied cleanly. Verified
isset($form_state['values']['name'])
has been changed to!empty($form_state['values']['name'])
in /core/modules/user/user.module.Created new user and blocked them. Verified user sees the error message when they try to log on.
Comment #3
alexpottConsistency++
Committed 8cc7520 and pushed to 8.x. Thanks!
Comment #4
alexpottSetting appropriate statuses
Comment #5
apkwilson CreditAttribution: apkwilson commentedPatch ported (if I did it right, anyway).
Comment #6
lauriiiPatch applies and works
Comment #7
joachim CreditAttribution: joachim commentedThanks for reviewing.
Comment #8
David_Rothstein CreditAttribution: David_Rothstein commentedCommitted to 7.x - thanks! http://drupalcode.org/project/drupal.git/commit/1f3e78c