Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
This new bit of code in webform.module:
// Check if the user is allowed to submit based on role. This check is
// repeated here to ensure the user is still logged in at the time of
// submission, otherwise a stale form in another window may be allowed.
$allowed_role = TRUE;
if (variable_get('webform_submission_access_control', 1) && !$finished) {
$allowed_roles = array();
foreach ($node->webform['roles'] as $rid) {
$allowed_roles[$rid] = isset($user->roles[$rid]) ? TRUE : FALSE;
}
if (array_search(TRUE, $allowed_roles) === FALSE) {
$allowed_role = FALSE;
}
}
... fails to make the global $user variable available before using it.
It's a regression from #1680952: Submission role access isn't re-checked when validating a form.
Patch to follow.
Comment | File | Size | Author |
---|---|---|---|
#1 | webform-2023439-1.patch | 467 bytes | pjcdawkins |
Comments
Comment #1
pjcdawkins CreditAttribution: pjcdawkins commentedComment #2
quicksketchWell, son of a gun. Thanks @pjcdawkins. I'll make a new release shortly.
Comment #3
quicksketchI hate it when this happens, but that's what I get for not running the tests again before a release. I made alpha8 and it's now available for download.