Does not respect user access
B.X - September 11, 2007 - 04:22
| Project: | Comment Page |
| Version: | 5.x-1.0 |
| Component: | Code |
| Category: | bug report |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | closed |
Jump to:
Description
If a page is not published, comments are accessible in any case. It is serious vulnerability.
#1
I think that this issue is to be tagged critical because it handles on user access to pages.
IMO, it is sad... I love the module, but the access on comments is a huge deciding factor :-(
#2
Thanks for the report, and sorry for the sluggish update. This is now fixed as of the 1.1 version using the same access control Drupal uses when someone tries to view a node.
#3
Automatically closed -- issue fixed for two weeks with no activity.