The steps to reproduce this error seem convoluted but occur in practice when our users use AJAX functionality in node forms with the oa_section_ref field.
- Edit a node that is part of a space to which the user only has admin access.
- This means that 'target group' contains the space in 'other groups' and nothing in 'your groups'.
- When the form loads, the Section selection list is populated via a query that is modified by `oa_sections_query_entityreference_alter()`.
- This function uses `_oa_sections_get_current_selected_space()` to find the current space of the entity. As this is the initial load, the space is read from the entity itself.
- When some AJAX action is triggered, such as clicking 'Add another item' below the 'Other Groups' field, the Sections field is repopulated in this AJAX callback.
- Again, `oa_sections_query_entityreference_alter()` and `_oa_sections_get_current_selected_space()` are invoked.
- Now, the following branch in `_oa_sections_get_current_selected_space()` is triggered:
  `if (isset($_POST['og_group_ref'])) { $process = $_POST['og_group_ref']; }`
  As this is now a POST request.
- When the user is not a member of the space but has administrative access, the contents of `$_POST['og_group_ref']` are like this:
  `['und' => [['default' => '', 'admin' => 'Group (123)']]]`
- Somewhere further along this function, only `$process[LANGUAGE_NONE][0]['default']` is checked and `$process[LANGUAGE_NONE][0]['admin']` is ignored.
- Because of this, the code assumes there is no space associated with the node. `oa_sections_query_entityreference_alter()` now adds `$query->condition('1', '0', '=');` to the query and the Sections option list is populated with 0 choices (except '- None -').

The bug can be easily fixed by also checking `$process[LANGUAGE_NONE][0]['admin']`.
Comment | File | Size | Author |
---|---|---|---|
#2 | 2918907-oa_core-sections-on-ajax-2.patch | 614 bytes | Jorrit |
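
An added illustration of the check described in the issue summary; it is not oa_core code and not the attached patch. The helper name `example_posted_group_ids()` and the sample POST arrays are constructed, and accepting a bare numeric ID or a list of values per sub-widget goes beyond the single case in the report.

```php
<?php
// LANGUAGE_NONE is 'und' in Drupal 7; defined here so the script runs stand-alone.
if (!defined('LANGUAGE_NONE')) {
  define('LANGUAGE_NONE', 'und');
}

/**
 * Hypothetical helper: collect group IDs from a posted og_group_ref value,
 * reading both the 'default' and the 'admin' sub-widget of every delta.
 *
 * The values come straight from the request, so each returned ID still has
 * to be checked against the user's access to that group before it is used.
 */
function example_posted_group_ids(array $post) {
  $ids = array();
  if (!isset($post['og_group_ref'][LANGUAGE_NONE])
      || !is_array($post['og_group_ref'][LANGUAGE_NONE])) {
    return $ids;
  }
  foreach ($post['og_group_ref'][LANGUAGE_NONE] as $delta) {
    if (!is_array($delta)) {
      continue;
    }
    foreach (array('default', 'admin') as $widget) {
      if (!isset($delta[$widget])) {
        continue;
      }
      // Assumption: a sub-widget posts either one string or a list of strings.
      foreach ((array) $delta[$widget] as $value) {
        if (!is_string($value)) {
          continue;
        }
        if (preg_match('/\((\d+)\)\s*$/', $value, $m)) {
          $ids[] = (int) $m[1];      // "Group (123)" form, as in the report.
        }
        elseif (ctype_digit($value)) {
          $ids[] = (int) $value;     // Bare numeric ID.
        }
      }
    }
  }
  return array_values(array_unique($ids));
}

// Constructed sample requests: a member's post, and the admin-only post from the report.
$member = array('og_group_ref' => array('und' => array(array('default' => 'Group (45)', 'admin' => ''))));
$admin_only = array('og_group_ref' => array('und' => array(array('default' => '', 'admin' => 'Group (123)'))));
var_export(example_posted_group_ids($member));
var_export(example_posted_group_ids($admin_only));
```

A lookup that reads only the `default` key returns nothing for the second request, which is the condition that leads to the empty Sections list.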
Comments
Comment #2
Jorrit (at nCode for DOM Digital Online Media GmbH) commented:
The patch.
Comment #3
Jorrit (at nCode for DOM Digital Online Media GmbH) commented:
Comment #4
mschuurman commented:
I'm having the same issue.
How can I apply the patch?
I already tried it by copying the patch into the root directory of the site and executing `git apply -v 2918907-oa_core-sections-on-ajax-2.patch`
This doesn't work.
Comment #5
Jorrit (at nCode for DOM Digital Online Media GmbH) commented:
You need to go to the oa_core directory, probably `profiles/openatrium/modules/contrib/oa_core`. Copy the file there and execute the command in that directory. Drupal patches are module specific, so they need to be applied in the module directory itself.
Comment #6
mschuurman commented:
Thanks, I applied the patch and it seems like it solved the problem.
Comment #7
Jorrit (at nCode for DOM Digital Online Media GmbH) commented:
Great!
Comment #8
mpotter commented:
Committed to a38650f in oa_core. Thanks!