Posted by ohnobinki on March 26, 2012 at 11:34pm
| Download | Size | md5 hash |
|---|---|---|
| content_lock-7.x-1.2.tar.gz | 24.73 KB | 55abd77423886c088edceaa4f41d47f4 |
| content_lock-7.x-1.2.zip | 31.73 KB | 02b14123fc9ba6c1a75541e98b43ec52 |
Last updated: March 26, 2012 - 23:35
Release notes
This release of content_lock primarily addresses a CSRF security issue whereby locked nodes can be unlocked by the user's browser without the user's intention.
It also includes other bug fixes and touch ups which were accumulating in the development VCS repository, some of them essential for properly supporting drupal7:
- content_lock_timeouts submodule: The default lock timeout is now 30 minutes. This is overridable in content_lock's configuration page.
- Fix issue #1130220: Content is not unlocked when navigating away from the page (javascript error) by Zombienaute, halcyonCorsair: Content is not unlocked when navigating away from the page (javascript error) for nginx.
- Fix issue #1203812: Use drupal's Drupal.behaviors API instead of jQuery(document).ready() to support drupal7 overlays: Use Drupal.behaviors instead of jQuery(document).ready().
- Issue #1206370: Remove package="Drupal Wiki" from content_lock.info by agentrickard: Remove package="Drupal Wiki" from content_lock.info.
- Fix issue #1206392: Move the configuration path for D7 by agentrickard: Move the configuration path for D7. Also fix the `Locked Documents' tab of the content administration pages to be accessible.
- Fix issue #1261046: Issues with Cancel Button by middlenewman: Issues with Cancel Button (not appearing).
- Fix CSRF security vulnerability reported by Charlie Gordon (cwgordon7) by using tokens for action URIs. Original patch by @larowlan. Tokens are used to prevent an attacker from being able to guess the proper action URI to use in a CSRF for unlocking a node.
Module developers may be interested to know that API documentation is now accessible at drupalcontrib.org.