http://drupal.org/node/1632918

In my testing the 7.x branch isn't preventing this access bypass. This can be a public issue per http://drupal.org/security-advisory-policy

Comments

izus’s picture

Hi greggles,
I'm trying to find the 6.x version patch for this to check if the 7.x branch is already ok or port the patch for it. Unfortunalety, i searched with 'SA-CONTRIB-2012-101' key world in the 6.x-1.6 branch log but couldn't find it.
can you please help finding again the original patch so that i can go forward on this.
Thanks

greggles’s picture

I have no idea, really. I added you to the private issue at https://security.drupal.org/node/1039 which will hopefully shed some light.

izus’s picture

Issue summary: View changes
Status: Active » Closed (cannot reproduce)

ok Thanks greggles !
i followed the steps in the security issue and couldn't reproduce it with the current code base in the 7 branch.
:)
Thanks again !