Downloads
Release notes
This release includes a fix for SA-CONTRIB-2012-101 - Protected Node - Access Bypass.
Note: many of the following bugs, fixes, etc. are intermediary (i.e. between different development stages); I keep them here for reference
* Issue #1179048: Password fields should be mandatory by eL: global passwords must be ignored if the node was created by the anonymous user.
* Issue #1179048: Password fields should be mandatory from eL: Password fields should be mandatory -- especially for anonymous users.
* Issue #1179048: Password fields should be mandatory by eL: Password fields should be mandatory.
* Issue #1137526: No password for viewing but a password for editing by eL and AlexisWilke:
** Select status of the protected node field set when editing the node.
** Select whether a node is always protected, is protected by default, or never protected.
** "Security fix," avoid saving the global password in clear (this was in one of the alpha version and not considered as a security issue by the Drupal security team.)
** Added information about the hook_protected_node_hide() callback.
** Fixed the INSERT to include the protected node hint field.
** Added some missing documentation.
** Added support for a node type wide password.
* Issue #1159948: edit properties uses insert instead of update by ferrum: edit properties uses insert instead of update when password is empty.
* Fixed syntax errors in comments and strings, removed useless comments.
* Issue: #1159964: autoincrement nid field by ferrum: autoincrement nid field (replaced by simple int).
* Fixed many permission problems.
* Properly support View, Edit, and Delete.
* Fixed an access denied call not followed by exit().
* Renamed edit protected permissions into edit password.
* Fixed a couple of usage of variables.
* Added a missing exit() after calling drupal_access_denied().
* Added the missing variable to the switch inside the update 6000.
* Fixed the SQL command used to rename the passwd column since MySQL does not support the RENAME COLUMN feature.
* Issue #339447: Extend API functionalities with lock/unlock by miraclegr: added support for Rules and thus the required functions in this very old issue.
* Added views support so one can display/check whether a node is protected. This is a separate module.
* Fixed the English of the API description.
* Re-added the two functions that I removed in between making them work with the new interface.
* Issue #935844: Private Attachment Protection by dlaidig:
** Should ask for password when accessing a password protected private attachment.
** Fixed a few potential problems with existing code.
** Adding the protected_node.fork.inc file which I missed on my last update.
* Issue #549136: Password redirecting by kvoltz:
** Support to fork on a page depending on the password entered.
** Fixes to the redirect to make it more secure (test the parameter).
** Renamed the protected_nid parameter with protected_page.
* Check that the protected_nid number is valid and represents an existing node.
* CCK support added. That way one can install CCK to place the field at a different location than the usual.
* Issue #153724: request to have module create random password by jesusjim: add support for a random password.
* Issue #153726: enter password protected node via html link by jesusjim and AlexisWilke: started implementation sending an email with a link. At this time though, we only send the password and a direct link to the node.
* Issue #852122: SQL Injection in protected_node_requirements() by quicksketch: possible SQL injection -- not really, but the proposed code looks better.
* Issue #852134: Extra spaces around all conditionals do not follow coding standards by quicksketch: fixed the syntax to match Drupal expected coding standard.
* Issue #795576: When no destination is given to the protected-node page callback, the page is rendered twice by Cyberwolf: added the exit after the drupal_access_denied() call.
* Issue #904398: Password not asked after password change by teecee: changing the password on a page does not prevent users who entered the old password to go visit.
* Removed unnecessary spaces Added missing commas at the end of arrays Added 2 columns: protected_node_is_protected and protected_node_show_title
* Renamed column passwd as protected_node_passwd
* Added an index on protected_node_is_protected
* Added corresponding update function
* Offer 3 modes now: per node passwords, global password, or both
* Moved the menu and alter node form in the settings
* Moved the drupal_goto() to the hook_init() function where it belongs
* Added a callback to give others a chance to hide (protect) node data (CCK, links...)
* Removed the use of two or three unnecessary variables
* Save time() in the password session
* Added support for checking the global and per node password strength
* Support a default show_title status
* Validate the settings (i.e. a global password is required when such mode is selected)
* Added statistics in the settings form
* Added mass functions (buttons that act on your entire set of protected and unprotected nodes.)
* Optimized the module by moving the requirements function to the .install file where it is supposed to be; also enhance the function and fix the counting of roles having rights over protected nodes.
* The validation of a node being saved would test the wrong variable to know whether the password was already known or not.
* The redirect prevention needed to be in the inner if() block.
* Titles of password protected nodes were visible by anyone.
* Prevent the redirect if the user would anyway get an access denied error.
* Covers several issues and add some better functionality to the password form.
* Unindented a switch
* Replaced ' with " in an SQL statement
* Fixed two E_NOTICEs.
* Validate the Save by preventing it if the user turns on the password protection but does not enter an actual password.
* Issues #830006: Version 1.5 does not work for PostgreSQL users, #280535: First password field is auto-filled in Firefox 3 - needs autocomplete="off", #346260: Protected node issues when creating content: updated with my version which has been working for a while.
* Stripping CVS keywords (automatic Drupal update.)
* Removing translation directories (automatic Drupal update.)
* Applied patch from #280535: First password field is auto-filled in Firefox 3 - needs autocomplete="off" comment-1500218 (previous programmer)
