user_load() doesn't check for invalid arguments which leads to the following errors when accessing a URL like user/foo:
* warning: Invalid argument supplied for foreach() in /home/amr/public_html/drupal/cvs/modules/user/user.module on line 89.
* user warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 query: SELECT * FROM users u WHERE in /home/amr/public_html/drupal/cvs/includes/database.mysql.inc on line 172.
Comment | File | Size | Author |
---|---|---|---|
#4 | user_url_check2.patch | 535 bytes | AmrMostafa |
#2 | user_url_check.patch | 560 bytes | AmrMostafa |
 | user_load_check.patch | 605 bytes | AmrMostafa |
Comments
Comment #1
moshe weitzman commented: There are many many things we could check for like this, but we don't. These checks bloat the codebase IMO. My .02
Comment #2
AmrMostafa commented: There is a better place for this check ;-), in the menu system argument translation function user_current_load($arg). It makes more sense there, as this is URL-specific and stays away from user_load().
If I may say so, I completely agree about the code bloat, but to some extent. I believe that we shouldn't protect from programmers' mistakes, yes, but we should protect from user mistakes that lead to invalid SQL hitting the database and filling the watchdog ;-)
Comment #3
chx commented: Ah. Use a ?: and I think we will be fine.
Comment #4
AmrMostafa commented: Rerolled with ?:)
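A stand-alone model of the failure reported above and of a URL-argument check written with `?:`, as discussed in comments #2 to #4. This is an added example, not the attached patch and not Drupal's code: the functions `model_build_user_query()` and `model_user_current_load()` are hypothetical, and the digits-only rule is an assumption about what counts as a valid user ID in the URL.

```php
<?php
// Hypothetical loader model: turns conditions into a WHERE clause and
// returns array($sql, $args) instead of querying a database.
function model_build_user_query($conditions) {
  if (is_numeric($conditions)) {
    $conditions = array('uid' => (int) $conditions);
  }
  $columns = array('uid' => 'u.uid = %d', 'name' => "u.name = '%s'");
  $where = array();
  $args = array();
  // A string such as 'foo' is not iterable. An unguarded foreach warns
  // here ("Invalid argument supplied for foreach()"); this model falls
  // back to an empty list so the resulting SQL can be inspected.
  foreach ((is_array($conditions) ? $conditions : array()) as $key => $value) {
    if (isset($columns[$key])) {
      $where[] = $columns[$key];
      $args[] = $value;
    }
  }
  return array('SELECT * FROM users u WHERE ' . implode(' AND ', $where), $args);
}

// The check placed in the URL argument translation step. FALSE stands
// for "not found", so no query is built for an invalid argument.
// Assumption: only a positive decimal integer is a valid ID. This is
// stricter than is_numeric(), which also accepts '1e3', '-1' and '1.5'.
function model_user_current_load($arg) {
  return (is_string($arg) && preg_match('/^[1-9][0-9]*$/', $arg) === 1)
    ? model_build_user_query($arg)
    : FALSE;
}

// Unchecked path: reproduces the truncated query from the report.
list($sql, $args) = model_build_user_query('foo');
printf("unchecked user/foo => \"%s\"\n", $sql);

// Checked path over constructed sample URL arguments.
foreach (array('1', '42', 'foo', '', '1e3', '-1', '1.5') as $arg) {
  $result = model_user_current_load($arg);
  printf("user/%-4s => %s\n", $arg, $result === FALSE
    ? 'rejected before any query'
    : $result[0] . ' [' . implode(',', $result[1]) . ']');
}
```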
Comment #5
chx commented: Better, but still, visiting user/foo when foo is a string and is not defined -- do we want to make that not spout out errors?
Comment #6
keith.smith commented: Patch no longer applies.
# patch -p0 < user_url_check2.patch
patching file modules/user/user.module
Hunk #1 FAILED at 966.
1 out of 1 hunk FAILED -- saving rejects to file modules/user/user.module.rej
Comment #7
dpearcefl commented: Is there any interest in this issue any more?