Heine

  • Home
  • Drupal
  • About
Home

Menu access, a new pitfall when going back to Drupal 5

Heine —Mon, 2009/05/25 - 13:56

If you spend a lot of time exclusively in one Drupal version, you develop muscle memory for its API. This can be pretty dangerous as I caught myself writing the following menu item while backporting a Drupal 6 module.

$items[] = array(
  'path' => 'admin/settings/foo',
  'access' => array('administer foo'),
  // ...
);

Note the array('adminster foo') instead of user_access('administer foo'). As non-empty arrays evaluate to TRUE in non-strict comparisons this is equivalent to 'access' => TRUE, granting access to all users.

Because I do not believe in the "Found a bug? Blog about it!"-approach to bugfixing, I filed #472160, but still wanted to share.

  • Drupal
  • Planet Drupal
  • Pitfalls

Recent posts

  • Teampassword manager's password generator is biased
  • Other vectors for SA-CORE-2014-005?
  • Lazy loading: hook_hook_info is for hook owners only.
  • "Always offline" problem in EA's Origin due to antivirus
  • From bug to exploit - Bakery SSO
more

Security reviews

I provide security reviews of custom code, contributed modules, themes and entire sites via LimoenGroen.

Contact us for a quote.

Follow @ustima

Copyright © 2021 by Heine Deelstra. All rights reserved.

  • Home
  • Drupal
  • About