Posted by ohnobinki on March 26, 2012 at 11:28pm
| Download | Size | md5 hash |
|---|---|---|
| content_lock-6.x-2.7.tar.gz | 24.26 KB | 13c5927729bbdf5a06a2fb42e32fc4e3 |
| content_lock-6.x-2.7.zip | 31.1 KB | 4d21bfde4dd606d1cd73ae3a5b04a089 |
Last updated: March 26, 2012 - 23:30
Release notes
This release of content_lock primarily addresses a CSRF security issue whereby locked nodes can be unlocked by the user's browser without the user's intention.
As this is the first release in over a year, it also includes other minor bug fixes and touch ups which were accumulating in the development VCS repository:
- content_lock_timeouts submodule: The default lock timeout is now 30 minutes. This is overridable in content_lock's configuration page.
- Fix issue #1130220: Content is not unlocked when navigating away from the page (javascript error) by Zombienaute, halcyonCorsair: Content is not unlocked when navigating away from the page (javascript error) for nginx.
- Fix issue #1203812: Use drupal's Drupal.behaviors API instead of jQuery(document).ready() to support drupal7 overlays: Use Drupal.behaviors instead of jQuery(document).ready().
- Issue #1206370: Remove package="Drupal Wiki" from content_lock.info by agentrickard: Remove package="Drupal Wiki" from content_lock.info.
- Fix CSRF security vulnerability reported by Charlie Gordon (cwgordon7) by using tokens for action URIs. Original patch by @larowlan. Tokens are used to prevent an attacker from being able to guess the proper action URI to use in a CSRF for unlocking a node.
Module developers may be interested to know that API documentation is now accessible at drupalcontrib.org.