Pubcookie breaks Drupal's core user.module login [#1587904]

When pubcookie is enabled, Drupal's core user/login gets broken. (This is only an issue if you need to use pubcookie concurrent with drupal's core user/login.)

The pubcookie_user_presave() function sets the user.module's $account->mail value to '@'
Users can still create accounts, but user.module sets the new user's mail value to '@' or '' as a result.

As a workaround you can get pubcookie_user_presave to check that it's the module handling the login by changing:
if ($account->is_new) {
to
if ($account->is_new && preg_match( '/login\/pc/' , $_ENV['REQUEST_URI'] ) ) {

Not sure what glaring security implications this workaround creates.

Comments

Comment #1

jvandyk commented 18 May 2012 at 00:13

Assigned:

Unassigned

» jvandyk

Nice catch. Will fix.

Comment #2

jvandyk commented 18 May 2012 at 16:56

Status:

Active

» Fixed

Fixed in 7.x-1.0. Rather than taking the approach above, we now check if the $_pubcookie_user is set; if not, account creation is being handled by another module.

Comment #3

druliner commented 18 May 2012 at 22:08

Tested in on our development and production multi-site environments and it works like a champ.
Thanks for the quick turn-around.
Dan

Comment #4

1 June 2012 at 22:11

Status:

Fixed

» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Pubcookie breaks Drupal's core user.module login

Comments

Comment #1

Comment #2

Comment #3

Comment #4

News items

Our community

Documentation

Drupal code base

Governance of community