Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Someone, attempting to leaving a comment and being asked register, probably with spurious credentials and evil intent generates this notice:
Notice: unserialize(): Error at offset 0 of 4 bytes in UserController->attachLoad() (line 268 of modules/user/user.module).
when I log in and access the (unapproved) account:
/user/1#overlay=user/3/edit%3Fdestination%3Dadmin/people
Comment | File | Size | Author |
---|---|---|---|
#34 | schema_defaults.patch | 6.38 KB | bleen |
#33 | schema_defaults.patch | 6.38 KB | chx |
#29 | sqlite_and_php_together_is_fun.patch | 1.83 KB | dmitrig01 |
#25 | sqlite_and_php_together_is_fun.patch | 1.37 KB | chx |
#18 | sqlite_nulls_schema.patch | 863 bytes | chx |
Comments
Comment #1
EvanDonovan CreditAttribution: EvanDonovan commentedThis is a PHP notice, so I don't think that it is caused by the person who registered. Notices are one of the lowest levels of messages that PHP can throw, so this probably just wasn't caught by the developers of Drupal core yet.
I have made the title of this issue contain the actual error, so that it will be more likely to be reviewed by someone who can figure it out.
Comment #2
mnicholas CreditAttribution: mnicholas commentedYou're right, it doesn't look like user input. I registered using simple names and the error is present too.
WILD GUESS: Maybe it's a SQLite problem - someone will have spotted this before otherwise.
This also pops up:
# Notice: unserialize(): Error at offset 0 of 4 bytes in _drupal_session_read() (line 108 of /home/sp/drupal/drupal7/includes/session.inc).
Comment #3
scotwith1tI'm getting this just viewing a user page, whether logged in or not.
Error messageNotice: unserialize(): Error at offset 5 of 22 bytes in UserController->attachLoad() (line 268 of /{path_to}/user.module).
not using SQLite, so i think that may rule that out.
Comment #4
mnicholas CreditAttribution: mnicholas commentedStill pesent in beta3.
Comment #5
EvanDonovan CreditAttribution: EvanDonovan commentedCan someone reproduce this with the devel module's backtrace error handler on? (or else XDebug?) That way, we can see what is leading up to the error.
Comment #6
EvanDonovan CreditAttribution: EvanDonovan commentedRetitling, since it occurs under more general conditions.
Comment #7
mnicholas CreditAttribution: mnicholas commentedThis error arises from the users.data field being initialised to the string 'NULL'.
The users table in my test SQLite DB looks a bit like this:
This arises from this:
There are numerous other examples of this sort of thing, for example: filter.settings, field_revision_comment_body.comment_body_value etc.
The above examples are taken from an SQL dump of the database.
This is really a database system or an install system issue now; I'll leave it to a wiser head to decide which.
Comment #8
mnicholas CreditAttribution: mnicholas commentedComment withdrawn.
Comment #9
EvanDonovan CreditAttribution: EvanDonovan commentedReassigning and escalating, since I think #7 implies a schema update will be necessary.
Comment #10
bfroehle CreditAttribution: bfroehle commentedMySQL's
createFieldSql
vs. SQLite's
createFieldSql
vs. pgsql
Comment #11
catchMoving to sqlite queue.
Comment #12
catchPlease leave the version at 7.x-dev, otherwise it doesn't show up in the right lists.
Comment #13
Stevel CreditAttribution: Stevel commentedThe last NULL value (for the data column) is actually a string 'NULL' instead of the constant NULL, which I think is the cause of the error. Now the real problem is 'NULL' being inserted as a string of course...
edit: The default for the data column is the string 'NULL' as well, which I think is caused by an error in introspectSchema():
This sets $schema['fields'][$row->name]['default'] to 'NULL' (string) instead of NULL (constant) in case of the {users}.data field.
Comment #14
Stevel CreditAttribution: Stevel commentedChanging the title to reflect the underlying bug.
The same error occurs for the default of the INTEGER columns being set to '0' (string) instead of 0 (int), which is not so much a problem because of re-casting on insert.
Comment #15
Damien Tournoud CreditAttribution: Damien Tournoud commentedEw. I see.
Raising to critical because we might need a schema update for this :(
Comment #16
Stevel CreditAttribution: Stevel commentedSmall debug session:
This means that when the default value is defined as a string, it is returned enclosed in single quotes. When it is NULL, an integer, a float... it is returned without quotes.
edit: does this mean we need to alter each and every field that has been altered in a previous update function again after the introspection is fixed? Or maybe only those after beta 1 is released, since sqlite wasn't included in D6?
Comment #17
Damien Tournoud CreditAttribution: Damien Tournoud commentedYes, the real issue is just that
'default' => trim($row->dflt_value, "'")
is too naive.Comment #18
chx CreditAttribution: chx commentedYup. Write tests for this please. Note that trim is wrong, it rips out valid apostrophes, if the default starts or end with one.
Comment #19
Crell CreditAttribution: Crell commentedComment #20
chx CreditAttribution: chx commentednote that even this might not be enough, i did not check that default value does not come out the string N-U-L-L instead of just being NULL. In the latter case we need some truly ugly else cause to my patch.
Comment #21
carlos8f CreditAttribution: carlos8f commentedIsn't this the same as
trim($row->dflt_value, "'")
? I don't see what the patch accomplishes.Comment #22
marketacumen CreditAttribution: marketacumen commentedI'm new to the drupal community, but is there something like unquote in the core?
carlos8f's suggestion is OK, but will break a string like:
How about an unquote function like:
Comment #23
carlos8f CreditAttribution: carlos8f commentedI see now why trim() is wrong, it removes multiple instances of single quotes, whereas we only want to remove the outer instances.
How about:
Comment #24
Damien Tournoud CreditAttribution: Damien Tournoud commentedAre we really sure that we get a quoted string here? That sounds very very doubtful to me.
Comment #25
chx CreditAttribution: chx commentedComment #26
carlos8f CreditAttribution: carlos8f commentedRe: #24, yes we do get a quoted string.
And #25 looks correct because as we've found out, we should also be unescaping literal single quotes here, by un-doubling them.
So who wants to write the test? :P
Comment #27
Dries CreditAttribution: Dries commentedThis is not proper English.
I don't know what is meant with 'doubled-up'. Do you mean they are escaped twice? It is not clear why there are 2 quotes.
Comment #28
carlos8f CreditAttribution: carlos8f commented"doubled up" means literally that -- SQLite requires you to escape single quotes by doubling them, i.e.
'Dries''s comment'
Comment #29
dmitrig01 CreditAttribution: dmitrig01 commentedComment #30
dmitrig01 CreditAttribution: dmitrig01 commentedUps, that was meant to be a comment saying "this patch fixes the issues Dries pointed out with the documentation"
Comment #31
EvanDonovan CreditAttribution: EvanDonovan commented+ // are discarted using substr.
Should be "discarded".
Leaving at "needs review" for review of actual code.
Comment #32
chx CreditAttribution: chx commentedWorking on tests.
Comment #33
chx CreditAttribution: chx commentedHere we go.
Comment #34
bleen CreditAttribution: bleen commentedidentical to #33 w/o the whitespace issue
Comment #35
mnicholas CreditAttribution: mnicholas commentedI've been away from this for a few days - sorry about that.
It seems to me that the simplest way to produce a column default of NULL (not the string of the same name!) is to have no DEFAULT clause at all. From the SQLite documentation (http://www.sqlite.org/lang_createtable.html):
Cheers!
Comment #36
Damien Tournoud CreditAttribution: Damien Tournoud commentedI guess this is intended to be a isset() instead of a !empty()?
Comment #37
chx CreditAttribution: chx commentedNo, I wanted to avoid the usual 0-null-'' equivalence.
Comment #38
Crell CreditAttribution: Crell commentedThis seems to affect primarily SQLite and Postgres, so I will let chx and Damien make the final RTBC. However, reading through the patch in #34 it looks good to me. +1 when chx and Damien are happy with it.
Comment #39
chx CreditAttribution: chx commentedThe remaining problem here: if someone installed a site with RC2 on SQLite they *might* have a broken site. We might need to go over the tables and fix defaults from quoted-null to just null. Not sure, needs testing. As for #37, consider setting the default to NULL or 0 and getting back something else, assertEqual will give you a pass. There might be better ways but this is good enough. You can't always do assertIdentical because we stringify fetches so setting a default of 7 and reading it back is '7'
Comment #40
Damien Tournoud CreditAttribution: Damien Tournoud commentedSounds good to me.
Comment #41
chx CreditAttribution: chx commentedwth, no, this is not ready, what about the upgrade path I mentioned?
Comment #42
matt2000 CreditAttribution: matt2000 commentedConfirming the upgrade issue. The test fails both before and after the fix is applied to a 7.0-rc2 installation.
Comment #43
chx CreditAttribution: chx commentedWhile the usage of quote is more appropriate (and I am sure semicolons in defaults would present a huge problem), I am unable to reproduce the issue -- note that there are no clear reproduction instructions. I have tried beta 3 and RC2 both, created a user, visited the profile, no probs. Tried field_revision_comment_body (edited for brevity):
not a 'NULL' in sight.
Now, I can prove that indeed 'NULL' was sent to SQLite but the above proves that SQLite somehow converts that to NULL (once again edited for brevity):
See how the 'NULL' became a NULL both in INSERT and CREATE TABLE? (Edit: i tested and the 'NULL' is not an artifact of the mode insert. It can use and display NULL just fine.)
Comment #44
chx CreditAttribution: chx commentedAnd there is nothing to upgrade.
Comment #45
bojanz CreditAttribution: bojanz commentedI tried to replicate the initial problem, but wasn't able to.
Installed the latest dev on sqlite, created a new user, created content (with body empty), browsed and clicked, didn't see anything.
It's very possible that I missed something, but I just wanted to report this...
Comment #46
Damien Tournoud CreditAttribution: Damien Tournoud commentedComment #47
Garrett Albright CreditAttribution: Garrett Albright commentedI gave this a look by checking out 7.x-beta2 and doing an install. I also cannot replicate the problem of quoted NULLs showing up in the schema, as in #43.
The patch in #34 no longer cleanly applies; modules/simpletest/tests/schema.test has changed enough that only one hunk works. I'm not sure where the tests it's trying to change have wandered off to; git grepping around didn't find them.
I think we still want to quote things the right way, so this patch is still in the running, but someone in the know about where the tests are nowadays needs to update that part of it. Reducing priority, however, as it appears that the problem is not as dire as it ever seemed.
Comment #48
caponey CreditAttribution: caponey commentedI'm getting this error too, using Drupal 7.2
Notice: unserialize() [function.unserialize]: Error at offset 0 of 4 bytes in UserController->attachLoad() (line 287 of /var/www/docs/www.mysite.com/htdocs/modules/user/user.module).
I'm still setting up my site, and hadn't noticed it before until after I deleted some users. This error shows up on all user profile pages, except for the Admin's profile.
I can't patch; I have tried before, and fail every time. Will this be fixed in a future version of Drupal?
Comment #49
Damien Tournoud CreditAttribution: Damien Tournoud commentedTriaging.
Comment #50
chx CreditAttribution: chx commentedComment #51
Stevel CreditAttribution: Stevel commentedComment #52
pwolanin CreditAttribution: pwolanin as a volunteer and at SciShield commentedLooks like this is still an issue in Drupal 9 in terms of not casting the default value:
'default' => trim($row->dflt_value, "'"),
The default does seem to be escaped by the driver, at least.
Comment #56
quietone CreditAttribution: quietone at PreviousNext commentedThis was a bugsmash triage target. lendude suggested that this was fixed now that everything is quoted. He also pointed out that this was reported not reproducible in #45. Also, the code around the line from #52 was modified in #3232699: SQLite schema introspection implementation struggles with NULL default values.
I think it is time to close this as outdated.
If you are experiencing this problem on a supported version of Drupal reopen the issue, by setting the status to 'Active', and provide complete steps to reproduce the issue (starting from "Install Drupal core").