From f87f488e1d5ddd041f8d0f04f3b2dd7dbe84d302 Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Fri, 12 Mar 2010 14:20:32 +0000
Subject: - Patch #431776 by catch, agentrickard, Damien Tournoud, Dries: cron
 should run as anonymous when invoked via the run-cron link on the status
 report page.

---
 includes/common.inc | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'includes/common.inc')

diff --git a/includes/common.inc b/includes/common.inc
index 6a108a289..7e90fb312 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -4385,6 +4385,14 @@ function drupal_cron_run() {
   // Allow execution to continue even if the request gets canceled.
   @ignore_user_abort(TRUE);
 
+  // Prevent session information from being saved while cron is running.
+  drupal_save_session(FALSE);
+
+  // Force the current user to anonymous to ensure consistent permissions on
+  // cron runs.
+  $original_user = $GLOBALS['user'];
+  $GLOBALS['user'] = drupal_anonymous_user();
+
   // Try to allocate enough time to run all the hook_cron implementations.
   drupal_set_time_limit(240);
 
@@ -4445,6 +4453,10 @@ function drupal_cron_run() {
       $queue->deleteItem($item);
     }
   }
+  // Restore the user.
+  $GLOBALS['user'] = $original_user;
+  drupal_save_session(TRUE);
+
   return $return;
 }
 
-- 
cgit v1.2.3