When using another module to auto delete form submissions, such as such as Webform Clear (https://drupal.org/project/webform_clear) or webform nosave (https://drupal.org/sandbox/sense/1895002), the permissions on showing the confirmation page are a bit too strict. If a submission has been deleted the function webform_confirmation_page_access returns FALSE, thus causing an "Access Denied" error message on the confirmation page.

FYI, I created an issue on the webform clear project page here: https://drupal.org/node/2275735

I am going to add a patch here that will allow the confirmation page to show, even if the $submission variable is null (meaning the submission has been deleted). I will be sure to check that the node itself is able to be viewed (using the node_access function) so I'm not giving too much access.

I'm hoping that someone can confirm that this will not cause a security issue by allowing this through.

Thank you! (patch coming in a moment)

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

ladybug_3777’s picture

Patch attached for the issue

ladybug_3777’s picture

Version: 7.x-4.0-rc3 » 7.x-4.x-dev
ladybug_3777’s picture

Status: Active » Needs review
ladybug_3777’s picture

Can this be reviewed and added to the next release? I keep having to apply this patch whenever I upgrade the module, it would be nice to have it added :-) Thanks!

DanChadwick’s picture

Category: Bug report » Feature request
Status: Needs review » Fixed
FileSize
878 bytes

@ladybug_3777- Sure.

A couple of suggestions. First, follow coding conventions to make it easier for maintainers to commit your patches (e.g. space after if, start comments with a capital letter and end them with a period). This odd case also needs some explanation of the motivation for future code readers.

Also, reviewing other patches in the issue queue gives you good karma and tends to get attention from maintainers. :)

Congratulations on your first committed patch!

Committed to 7.x-4.x and 8.x.

ladybug_3777’s picture

Thanks @DanChadwick! I appreciate the suggestions, will do!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.