Closed (fixed)
Project:
Role Delay
Version:
7.x-1.x-dev
Component:
Code
Priority:
Critical
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
5 Oct 2012 at 14:32 UTC
Updated:
24 Apr 2014 at 18:40 UTC
Jump to comment: Most recent, Most recent file
Comments
Comment #1
rfayThis ends up being a critical mission-defying bug. In many, many cases a simple user update (such as an admin making a change to the user) will result in delayed roles being cleared.
What's going on here is that in hook_user() 'update', the decision to clear delayed roles for the user is intended to be when the user is blocked. But the comparison is
if ($edit['status'] == 0). Well, if $edit['status'] is not set, which is very common (in my case when a user is updated by validating their account using logintoboggan's technique), this still evaluates to true.The attached patch changes to make sure that the user is actually being blocked, and makes sure that the comparison is type-safe ($edit['status'] === 0). It also removes a couple of drupal_set_message() calls that get shown to the actual user, when they really shouldn't be.
Comment #2
WorldFallz commentednice catch-- thanks for the patch randy. I should be able to get it in today or tomorrow.
Comment #3
WorldFallz commentedcommitted to dev: http://drupalcode.org/project/role_delay.git/commit/ec67b80.
I need to do it for d7 also.
Comment #4
Leeteq commentedIs this going into 7.x-dev anytime soon?
Comment #5
WorldFallz commentedThere's no updated patch and I don't actually use it on d7 so it fell off my radar, but ill try to get to it this week.
Comment #7
WorldFallz commented