if drupal_get_normal_path does anything at all to an empty path, drupal_not_found and drupal_access_denied break

The 3 problem is a bug in the i18n module, not a bug in core.

This patch just makes drupal_access_denied a bit more tolerant to the case where drupal_get_normal_path is not a no-op. If you examine the patch, I think you'll agree that this is how the logic was meant to be.

drupal_get_normal_path actually returning something different than what is passed in being the normal case when i18n is installed.

Let's rhetorically completely ignore i18n for the moment.

Given that i18n is not installed, does it become an invariant of all drupal installations that (!drupal_get_normal_path('')) is always true?

If so, this patch certainly doesn't hurt anything. If variable_get('site_404', '') returns '', then given the invariant assumed above, drupal_get_normal_path('') will always evaluate the same as '' in the if ($path) guard.

If *not*, this patch fixes a bug where, if no custom site 404 or 403 page is set, variable_get('site_404','') returns '', but drupal_get_normal_path('') may in some instances return a value that evaluates as true. Given that no 404 page is set, we don't want to run a custom handler, no matter what drupal_get_normal_path returned. But without this patch, a custom handler (namely the one corresponding to drupal_get_normal_path('')) will get run, which is not the correct behavior.

The problem is in both access denied and not found functions, and the patch attached to this comment (obsoleting the previous patch) addresses both.

patch again applies to HEAD