Occasionally when my site gets crawled dozens of access denied flag_lists URLs get hit of the form http://eample.com/flag-lists/flag/flag_lists_0_7/12345. This generates an access denied page and the message "Bad token. You seem to have followed an invalid link.". However, it also produces the following warnings:

Notice: Undefined index: token in flag_lists_page() (line 1411 of /.../modules/contrib/flag_lists/flag_lists.module).
Warning: Cannot modify header information - headers already sent by (output started at .../includes/common.inc:2773) in drupal_send_headers() (line 1485 of /.../includes/bootstrap.inc).
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at .../includes/common.inc:2773) in drupal_session_start() (line 287 of /.../includes/session.inc).

This patch simply checks for the token key in the $_REQUEST array and after calling drupal_access_denied() calls 'exit' rather than 'return'.

CommentFileSizeAuthor
#2 flag_lists_warnings-2854608.patch777 byteshadsie

Comments

hadsie created an issue. See original summary.

hadsie’s picture

Status: Active » Needs review
StatusFileSize
new777 bytes
sl27257’s picture

Hi,

thank you for the report and the patch! I will look into it!

/Thomas

sl27257’s picture

I have been able to reproduce the bug.

/Thomas

sl27257’s picture

Status: Needs review » Reviewed & tested by the community

The provided patch is working!

Thanks again!

Will prepare for pushing it into the dev-branch.

BR

/Thomas

  • sl27257 committed 7ed3927 on 7.x-3.x authored by hadsie
    Issue #2854608 by hadsie: Headers already sent warning on bad token
    
sl27257’s picture

Status: Reviewed & tested by the community » Fixed
sl27257’s picture

Status: Fixed » Closed (fixed)