Recently we had a near-miss security disaster due to the fact that the invite module's default behaviour is to assign the role of the inviter to the invitee. We had all users invited to our site by our developers with full admin access!

Comments

mdupont’s picture

Project: Drupal core » Invite
Version: 6.22 » 6.x-2.x-dev
Component: user system » Code

That's an issue of the Invite module then.

ryan osītis’s picture

Issue summary: View changes
Status: Active » Closed (outdated)