After upgrading from the 1.2 to the 1.4 version of sections due to the last security alert on the module, a client reported that the "wrong" section was in use for most of the site. Investigating further, it appears that the current (1.4) version of sections has a bug that is triggered by the use of node_load() in the section's visibility settings (using PHP to set visibility, aka "Show if the following PHP code returns TRUE"). I did a good amount of testing, and isolated the issue to one line of the visibility code that invoked node_load. Sections worked as expected when that line was commented out, otherwise the bug behavior was seen.
Here is the offtending line from the visibility code I had entered into a section's configuration:
$node = node_load(arg(1));
What was happening is that the _sections_in_section(), as called by the sections_init() function (implementation of hook_init), was returning the first section it found that contained node_load() in the visibility code. Didn't matter if that visibility code actually returned FALSE. Subsequent uses of _sections_in_section (for example in the theme layer) worked properly, reporting the actual section that actually returned TRUE in the visibility code. But that call to _sections_in_section() in sections_init() returned the wrong section and is what sets the site theme, hence the bug report from the client.
I fixed this bug by reverting a few lines from the 1.4 version of _sections_in_section() to the 1.2 version. Does this re-trigger the security issue? I don't think so but I could be wrong. I don't know why these slight changes achieve the proper result and avoid the node_load bug, but so far they do.
My patch is attached.
| Comment | File | Size | Author |
|---|---|---|---|
| #3 | sections_vis_node_load.txt | 2.16 KB | greenmachine |
| 100118sections_node_load.patch | 1.25 KB | greenmachine |
Comments
Comment #1
hass commentedYour changes are not related to the minor security issue.
I need to dig into this issue... you may have a weight issue with your PHP enabled section... only keep in mind the one with the highest weight *WIN*... does your PHP section have a higher weight than the theme currently shown?
It would be easier if you are able to provide me the PHP code snippet you are using...
Comment #2
hass commentedCannot repro, no feedback
Comment #3
greenmachine commentedSorry for the late late feedback, I should set up e-mail notifications.
I did a *lot* of testing on the issue. It definitely was not caused by a weight setting. Only changing the code as provided in the patch fixed the issue.
Attached is a text file with two examples of the PHP snippets in use (minor changes to anonymize).
Comment #4
hass commentedAre you aware that the section table listing is weighted? The order in the table may be the issue... you can rearrange the sections in their order - this should solve your problem.
Comment #5
hass commentedYour code changes show me you have a wrong order of sections in the sections listing. Rearange the section with highest priority to the top and you are done.
Comment #6
hass commentedCould you please try the next DEV and enabled the new debug setting to figure out what's going wrong!? It should show you the wrong ordered section and what section matches.