Drupal 4.7.4
Unauthorized users can edit/delete table entries.
The URL ?q=tablemanager/edit/ as an anonymous user shows both the "Access denied You are not authorized to access this page." message and the Edit Table Entry form.
When the form is submitted it shows the "Access denied You are not authorized to access this page." message but the record is updated.

The same is true for delete.

No privileges are granted to the anonymous user at access control > Permission > tablemanager module.

Comments

pobster’s picture

Wow! That's proper shoddy workmanship, sorry about that!

Add a couple of returns to each function like this:

/**
 * Edits one row in a table.
 */
function tablemanager_edit($edit) {
  global $user;
  if (!is_numeric($edit)) {
    drupal_access_denied();
  }
  $fetch = db_fetch_object(db_query('SELECT tm.tid, tm.uid AS tableuid, tm.name, tmd.uid, tm.header, tmd.data, tmd.format
                                     FROM {tablemanager} tm
                                       INNER JOIN {tablemanager_data} tmd ON tm.tid = tmd.tid
                                     WHERE tmd.id = %d',
                                     $edit));
  if (!$fetch) {
    drupal_not_found();
    return; // HERE
  }
  unset($flag);
  $flag = $user->uid == $fetch->uid && user_access("edit own ".$fetch->name." content") ? TRUE : $flag;
  $flag = user_access('administer tables') || user_access("edit any ".$fetch->name." content") ? TRUE : $flag;
  $flag = $user->uid == $fetch->tableuid && user_access('administer/ create own tables') ? TRUE : $flag;
  if (!$flag) {
    drupal_access_denied();
    return;  // AND HERE
  }

And the same for the delete function. Thanks for spotting this, I'm POSITIVE it never used to be an issue - it must be a change to core or something? Anyways, I'll roll out a new release right now.

Thanks again,

Pobster

pobster’s picture

Oops! That's THREE returns in total, one here too:

/**
 * Edits one row in a table.
 */
function tablemanager_edit($edit) {
  global $user;
  if (!is_numeric($edit)) {
    drupal_access_denied();
    return;
  }

Pobster
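
Added example, not part of the thread or of the tablemanager module: a self-contained PHP sketch of the pattern fixed above, where a denial helper renders a 403 but does not stop the caller, so the write still runs unless the handler returns. All function names and the sample row are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; not tablemanager or Drupal code. All names are hypothetical.

// Stand-in for a denial helper that renders a 403 page and then hands control
// back to its caller, which is how drupal_access_denied() behaves in this thread.
function stub_access_denied(array &$response) {
  $response['status'] = 403;
  $response['body'] = 'Access denied';
}

// "Before": the denial is rendered, then execution falls through to the write.
function edit_row_before(array &$table, $id, $value, $allowed) {
  $response = array('status' => 200, 'body' => '');
  if (!$allowed) {
    stub_access_denied($response);
  }
  $table[$id] = $value;
  return $response;
}

// "After": returning right after the denial ends the handler before the write.
function edit_row_after(array &$table, $id, $value, $allowed) {
  $response = array('status' => 200, 'body' => '');
  if (!$allowed) {
    stub_access_denied($response);
    return $response;
  }
  $table[$id] = $value;
  return $response;
}

// Regression check: a denied request must leave stored data untouched.
// Asserting only on the 403 would pass for both handlers.
function denied_request_mutates($handler) {
  $table = array(7 => 'original');  // constructed sample row
  $response = $handler($table, 7, 'tampered', FALSE);
  return $response['status'] == 403 && $table[7] !== 'original';
}

foreach (array('edit_row_before', 'edit_row_after') as $handler) {
  printf("%s: denied request changed the row? %s\n",
    $handler, denied_request_mutates($handler) ? 'yes' : 'no');
}
```

A check of this shape, asserting on stored state after a denied request rather than on the response alone, covers the edit and delete paths alike.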

pobster’s picture

Status: Active » Fixed
pobster’s picture

Status: Fixed » Closed (fixed)