When using another module to auto delete form submissions, such as such as Webform Clear (https://drupal.org/project/webform_clear) or webform nosave (https://drupal.org/sandbox/sense/1895002), the permissions on showing the confirmation page are a bit too strict. If a submission has been deleted the function webform_confirmation_page_access returns FALSE, thus causing an "Access Denied" error message on the confirmation page.
FYI, I created an issue on the webform clear project page here: https://drupal.org/node/2275735
I am going to add a patch here that will allow the confirmation page to show, even if the $submission variable is null (meaning the submission has been deleted). I will be sure to check that the node itself is able to be viewed (using the node_access function) so I'm not giving too much access.
I'm hoping that someone can confirm that this will not cause a security issue by allowing this through.
Thank you! (patch coming in a moment)
Comment | File | Size | Author |
---|---|---|---|
#6 | webform-confirmation_access-2275943-5.patch | 878 bytes | DanChadwick |
#1 | webform-conf-page-access-2275943-2.patch | 415 bytes | ladybug_3777 |
Comments
Comment #1
ladybug_3777 CreditAttribution: ladybug_3777 commentedPatch attached for the issue
Comment #2
ladybug_3777 CreditAttribution: ladybug_3777 commentedComment #3
ladybug_3777 CreditAttribution: ladybug_3777 commentedComment #4
ladybug_3777 CreditAttribution: ladybug_3777 commentedCan this be reviewed and added to the next release? I keep having to apply this patch whenever I upgrade the module, it would be nice to have it added :-) Thanks!
Comment #6
DanChadwick CreditAttribution: DanChadwick commented@ladybug_3777- Sure.
A couple of suggestions. First, follow coding conventions to make it easier for maintainers to commit your patches (e.g. space after if, start comments with a capital letter and end them with a period). This odd case also needs some explanation of the motivation for future code readers.
Also, reviewing other patches in the issue queue gives you good karma and tends to get attention from maintainers. :)
Congratulations on your first committed patch!
Committed to 7.x-4.x and 8.x.
Comment #7
ladybug_3777 CreditAttribution: ladybug_3777 commentedThanks @DanChadwick! I appreciate the suggestions, will do!