User changes to Author for Node Preview

Project: Live
Version: 6.x-1.0
Component: Code
Category: bug report
Priority: critical
Assigned: Unassigned
Status: closed (fixed)

Issue Summary

I'm not 100%, hence no security report, but I suspect live.module.

What happens: When I edit some node (article, page) as a user of the "webmaster" role (all rights but not user/1) and hit preview, I see the preview all right. But when I actually save the node, suddenly I see fewer links/content. When I go to /user I'm directed to the node's author user. I have to log out and back in again as webmaster.

The node's author's group has rights to use live.module on nodes and edit own nodes.

Cheers.

Comments

#1

Experiencing this too.

#2

I too see this problem. Not tested, but I suspect lines 46-57 in live.node.inc. The variable $user is being set here, and since there is a "global $user" at the start of the function, the global user object is being messed with.

I believe $user should be replaced with $account instead, like this.

    if ($account = user_load(array('name' => $node->name))) {
      $node->uid = $account->uid;
      $node->picture = $account->picture;
    }
    else {
      $node->uid = 0; // anonymous user
    }
  }
  else if ($node->uid) {
    $account = user_load(array('uid' => $node->uid));
    $node->name = $account->name;
    $node->picture = $account->picture;
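
The pattern comment #2 describes, as an added example that is not part of the original thread or the Live module's code: a preview routine that assigns the looked-up author to the global $user, next to the local $account form, with a check that the acting user's uid survives the call. demo_user_load(), the demo_preview_* functions and the sample accounts are hypothetical stand-ins so the script runs without Drupal.

```php
<?php
// Constructed stand-in for an account lookup by 'name' or 'uid' (sample data).
function demo_user_load(array $criteria) {
  $accounts = array(
    (object) array('uid' => 2, 'name' => 'webmaster'),
    (object) array('uid' => 3, 'name' => 'author'),
  );
  foreach ($accounts as $account) {
    $match = TRUE;
    foreach ($criteria as $key => $value) {
      $match = $match && isset($account->$key) && $account->$key == $value;
    }
    if ($match) {
      return clone $account;
    }
  }
  return FALSE;
}

// Pattern reported in the thread: the lookup result is stored in the global $user.
function demo_preview_buggy($node) {
  global $user;
  if ($user = demo_user_load(array('name' => $node->name))) {
    $node->uid = $user->uid;
  }
  else {
    $node->uid = 0; // anonymous user
  }
  return $node;
}

// Pattern proposed in comment #2: a local $account, no global declared or written.
function demo_preview_fixed($node) {
  if ($account = demo_user_load(array('name' => $node->name))) {
    $node->uid = $account->uid;
  }
  else {
    $node->uid = 0; // anonymous user
  }
  return $node;
}

// Regression check: the acting user's uid must be identical before and after preview.
function demo_identity_preserved($preview) {
  global $user;
  $user = demo_user_load(array('uid' => 2)); // acting as webmaster
  $before = $user->uid;
  $preview((object) array('name' => 'author', 'uid' => 3));
  return is_object($user) && $user->uid === $before;
}

var_dump(demo_identity_preserved('demo_preview_buggy'));
var_dump(demo_identity_preserved('demo_preview_fixed'));
```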

#3

Version: 6.x-0.1 » 6.x-1.0

Hi everybody!

I confirm this effect. I use the latest stable release (6.x-1.0) and I can repeat this "feature" in any direction. So it doesn't matter if I was UserA and changed the author to UserB or vice versa.
If I save the change without a preview with Live-Module (logged in as UserA), nothing special happens. The author is UserB and I'm still logged in as UserA.
But if I take a preview with Live-Module and then save the article, I'm suddenly logged in as UserB.

Sven

PS: Excuse me, but I'm not a native English speaker ;-)

#4

Status: active » fixed

http://drupal.org/node/534976

#5

"I'm not 100%, hence no security report, but I suspect live.module."

If you are not 100% sure, please report it as a security issue; we can always go to the public queue, but never vv.

#6

Status: fixed » closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.