Drupal coder: hook_load and data isolation

Quick news

2019-10-26: Presenting on NoSQL in Drupal 8 at DrupalCon Amsterdam
2019-02-15: Presenting on FranceTV Sport on Drupal 8 at DrupalCamp Paris
2018-06-08: Presenting on how to react to a hacked site at Drupal Hack Camp
2014-03-27: MongoDB Watchdog module ported to Drupal 8 at the Szeged Dev Days.
2014-01-26: My post on the Symfony web profiler in Silex selected in Week of Symfony. w00t !
2013-10-18: My first commit went into MongoDB today. And, guess what ? It's in JavaScript
2013-09-20 to 29: Working on Drupal 8 EntityAPI at the extended code sprints during and around DrupalCon Prague
2012-08-19: Working on Drupal 8 EntityAPI at Drupalcon Munich
2012-06-15: Working on Drupal 8 EntityAPI at DrupalDevDays Barcelona
2012-03-23: Working on the future Drupal Document Oriented Storage at DrupalCon Denver. D8 or later ? ~~Bets are on~~ Later

Latest sites

2017-11-26: New Drupal 8 site at Rue du Commerce, architected and tech-led by OSInet, just went throught Black Friday week with flying colors thanks to RabbitMQ
2017-05-26: New headless Drupal 8 / Symfony 3 site at FranceTV Sport, architected and tech-led by OSInet, with RabbitMQ
2017-02-20: New Drupal 8 site galaxy (+/- 70 sites) for Agences Régionales de Santé architected and tech-led by OSInet, delivered by Klee
2015-08-21: 50% less server load with MongoDB on the Drupal 7 site factory at France Télévisions
2015-07-15: Our first Drupal 8 production site at France Télévisions is live
2014-08-18: 400% speedup in 3 weeks for http://france3-regions.francetvinfo.fr/ : who said Drupal back-offices had to be slow ?
2014-02-07: Sotchi Olympics traffic not a problem for http://www.francetvsport.fr/ , which I rearchitected on Drupal 7 in 2013
2011-09-14: Completed migration of FranceInfo.FR from SPIP to Drupal
2011-07-13: The new social network features of Le Figaro are now powered by an OSInet-designed MongoDB implementation

Submitted by Frederic Marand on Mon, 2005-10-10 21:40

Add new comment

You're peacefully coding a hook_load implementation in your latest drupal module, when your admin account suddenly gets "Access denied" errors looking at nodes. Yikes...

Yesterday, I was coding a first version of helpdesk_load, the hook_load implementation in the helpdesk module, when all of a sudden, drupal stopped displaying my nodes and returned "Access denied".

At this point, the trouble lies in that I'm logged as admin on the site, which means that access isn't even checked, so access denial is theoretically out of the question: the access hooks are automatically bypassed in this case.

Commenting out helpdesk_load, problem disappears. Uncommenting, problem reappears. OK, it's got to be me, then... some Zend debugger work shows that the global $node->nid suddenly disappears after helpdesk_load, although it is correctly initialized upon entering it.

Look at the API spec for hook_load: it says the hook is used to load extra information, which is just what I'm doing. And I can see the extra information when I return from helpdesk_load into drupal's node_load.

Would it be some side effet ? Some (shudder) stack overwrite ? Not at all... it is actually an undocumented (yet) feature of hook_load, which is actually used not only to load extra information, but also possibly overwrite drupal's pre-loaded information. Including $node->nid. And as my code has its own nid value, uninitialized manually because it isn't used, this value was returned into node_load, which silently overwrites the current nid. Which meant it finds itself choking a few lines below because it no longer has a valid nid to process.

There's now an issue on this, so the documentation should be updated reasonably soon. Problem closed. Discussion on the drupal IRC channel has confirmed this overwriting behaviour is "as designed" and actually used by some essential modules.

In the meantime, this gives a lesson, IMHO: when coding a hook_load implementation, you never know what property names the next contributed module will define, which means name collisions are bound to happen, and even more so as drupal develops more widely day after day and the number of available modules increases constantly, and at some point, only alphabetical order of the modules defines the load order, in the current version. So make your names unique.

To achieve this uniqueness constraint without kilometric identifiers, it can be a good idea to wrap the returned object required by the hook_load spec into another object. The outer object will be stripped by node_load, which will then just see one property, the inner object, and add it to the global node's properties as a nicely isolated black-box object. That way you'll be sure your implemented can never overwrite a prior module's own properties, and no module loaded after yours can overwrite your own properties. OO-typical safety at a minimal overhead cost.

Tagged for isolation, drupal, module development, hook_load.

fgm @ OSInet

I'm @fgm@mamot.fr on Mastodon
Looking for a new project to work on, preferably Go and/or Drupal-based. Contact me, let's see how we could work together.
Have you read my Go book and its blog ?
Check my drupal.org profile
See our OSInet pro services site.
Find me on

Follow me on LinkedIn