Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I've been getting random anonymous requests to the path user/validate (without any additional parameters), and it causes PHP errors because of missing arguments to logintoboggan_validate_email(). We can use menu loaders to help clean up some code as well as reduce some user account loading code by using the %user menu load argument.
Comment | File | Size | Author |
---|---|---|---|
#3 | 633386-logintoboggan-D6.patch | 9.05 KB | Dave Reid |
#3 | 633386-logintoboggan-D7.patch | 9.17 KB | Dave Reid |
#1 | 633386-logintoboggan-D7.patch | 9.15 KB | Dave Reid |
#1 | 633386-logintoboggan-D6.patch | 9.03 KB | Dave Reid |
Comments
Comment #1
Dave ReidDon't be scared with the big chunk of changed code in logintoboggan_validate_email(). All I did was remove the "sanity" checks to it's own menu access callback and then un-indented the function's code. Looks worse than the change really is.
Comment #2
hunmonk CreditAttribution: hunmonk commentedshouldn't the access check be:
$timestamp < REQUEST_TIME && $account->uid
Comment #3
Dave ReidOh that's true; it would successfully load the anonymous user. Moved the $account->uid check before the timestamp just incase we can skip running time() in D6. Revised patches for review.
Comment #4
hunmonk CreditAttribution: hunmonk commentedone more question related to the access functions:
isn't FALSE returned for %user if no user object can be loaded for that placeholder? if that's the case, we should be checking for !empty($account->uid) instead of $account->uid, in order to avoid PHP notices.
Comment #5
Dave ReidYes it does return FALSE, but the way menu loaders work, if any of the loaders return FALSE it assumes that the path is denied or invalid and doesn't even check the access callback and returns a 404.
See function stack menu_execute_active_handler() -> menu_get_item() -> _menu_translate() -> _menu_load_objects().
Comment #6
hunmonk CreditAttribution: hunmonk commentedcommitted to 6.x-1.x-dev and 7.x-1.x-dev, thanks for your work on this!
Comment #7
Dave ReidThanks to you too! :)