Headers already sent error when page not found/access denied

Almost, but not quite.

_print_generate_path() does the same. It checks for MENU_NOT_FOUND and MENU_ACCESS_DENIED, but doesn't handle it well:

  if (is_int($node->content)) {
    switch ($node->content) {
      case MENU_NOT_FOUND:
        drupal_not_found();
        return FALSE;
        break;
      case MENU_ACCESS_DENIED:
        drupal_access_denied();
        return FALSE;
        break;
    }
  }

I did the same there and that works: replace return FALSE with drupal_exit().

It's very strange that _print_generate_path() even calls drupal_not_found()... This is a helper function that should be callable from anywhere, it shouldn't alter the request. But since it does that anyway, I think this is the solution.

Since 2.x is the active branch, and it's still a bug in 2.0.

And the patch against 2.x-dev

#4 works for me. Thx!

Providing a more complete patch for 1.x version of the module, in case anyone needs it.

Added another set of drupal_exit()'s in _print_generate_node() where the same not_found/access_denied were triggered to the patch in #4.

Other than that, works as expected!

#8 works for me. thank you!

Anyone, please commit!

I'm hiding all but the most recent patch in hopes that speeds-up the review.

Also, as annoying as the bug is I'm not sure it qualifies as "critical" as I don't think it leads to instability or data loss. So "major" may be most appropriate. That's probably splitting hairs though. Either way hopefully a maintainer can have a look here.

#8 works for me. thanks! yes lets get this committed!

yup, all good on my end with the patch in #8. I messaged the maintainer to see if we can get this committed.

Thanks!

It probably makes some sense to port it back to 7.x-1.x.. But you should really move away from that branch.

I've deprecated the 7.x-1.x-dev branch.