Heine


Menu access, a new pitfall when going back to Drupal 5

Heine — Mon, 25/05/2009 - 12:56

If you spend a lot of time exclusively in one Drupal version, you develop muscle memory for its API. This can be pretty dangerous, as I caught myself writing the following menu item while backporting a Drupal 6 module.

$items[] = array(
  'path' => 'admin/settings/foo',
  'access' => array('administer foo'),
  // ...
);

Note the array('administer foo') instead of user_access('administer foo'). As non-empty arrays evaluate to TRUE in non-strict comparisons, this is equivalent to 'access' => TRUE, granting access to all users.

Because I do not believe in the "Found a bug? Blog about it!"-approach to bugfixing, I filed #472160, but still wanted to share.
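A way to catch this mistake during a backport review, as an added example that is not code from the original post or from Drupal core: it walks Drupal 5 style menu items and reports every 'access' value that is not a strict boolean. The audit_menu_access() and sample_menu_items() helpers are hypothetical, the user_access() definition is a stand-in so the script runs outside Drupal, and the sample items are constructed.

```php
<?php
// Added example, not Drupal core code. Stand-in for Drupal's user_access()
// so the script runs outside Drupal; here the current user has no permissions.
if (!function_exists('user_access')) {
  function user_access($permission) {
    return FALSE;
  }
}

// Constructed sample: Drupal 5 style menu items as a hook_menu() would build.
function sample_menu_items() {
  $items = array();
  $items[] = array(
    'path' => 'admin/settings/foo',
    'access' => array('administer foo'), // Drupal 6 habit: truthy array
  );
  $items[] = array(
    'path' => 'admin/settings/bar',
    'access' => user_access('administer bar'), // Drupal 5 form: boolean
  );
  $items[] = array(
    'path' => 'admin/settings/baz',
    'access' => 'administer baz', // bare permission string: also truthy
  );
  return $items;
}

// Hypothetical audit helper: report every item whose 'access' value is set
// but is not a strict boolean, and what a loose check would decide for it.
function audit_menu_access(array $items) {
  $findings = array();
  foreach ($items as $item) {
    if (array_key_exists('access', $item) && !is_bool($item['access'])) {
      $findings[] = array(
        'path' => $item['path'],
        'type' => gettype($item['access']),
        'loose_result' => (bool) $item['access'],
      );
    }
  }
  return $findings;
}

foreach (audit_menu_access(sample_menu_items()) as $f) {
  printf("%s: 'access' is %s, loosely evaluates to %s\n",
    $f['path'], $f['type'], $f['loose_result'] ? 'TRUE' : 'FALSE');
}
```

The item built with user_access() is not reported because its value is already a boolean; the array and the bare string are both reported as loosely TRUE even though the stand-in user has no permissions.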


Copyright © 2010 by Heine Deelstra. All rights reserved.