Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.If any module implements hook_permission incorrectly, by not creating a nested array for each declared permission, then the permissions page gets a fatal error for an unsupported operand. The issue resides in the user_admin_permissions() function, which on line 690 loops through all permissions declared by module's hook_permissions implementation:
foreach ($permissions as $perm => $perm_item) {
// Fill in default values for the permission.
$perm_item += array(
'description' => '',
'restrict access' => FALSE,
'warning' => !empty($perm_item['restrict access']) ? t('Warning: Give to trusted roles only; this permission has security implications.') : '',
);
The WSOD will occur if $perm_item is not an array. If it is not, then an unsupported operands fatal error occurs.
To correct this, the functions should check that $perm_item is an array before adding to it.
| Comment | File | Size | Author |
|---|---|---|---|
| #1 | user.admin_.inc-1204198.patch | 736 bytes | soyarma |
Comments
Comment #1
soyarma CreditAttribution: soyarma commentedPatch adding an is_array() check before the troublesome operand.
Comment #2
Anonymous (not verified) CreditAttribution: Anonymous commentedThe general stance on this is that core doesn't babysit contrib code. If a contrib module breaks core with an implementation, then an issue should be filed against that module.
Comment #3
soyarma CreditAttribution: soyarma commentedI've actually had that stance mentioned to me before in light of this issue. While I actually agree with it, the people who actually suffer are the folks we're trying to get to adopt Drupal. I don't think its necessary everywhere, but the change between hook_perm to hook_permission seems to make this prudent.
Comment #4
takim CreditAttribution: takim commentedI do not think this patch is required anymore! It has been already fixed in current version of Drupal.
Comment #5
takim CreditAttribution: takim commented