Session [entered password] can be poisoned
tolmi - October 14, 2008 - 09:51
| Project: | Protected node |
| Version: | 5.x-1.2 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | tolmi |
| Status: | active |
Description
If user protects a node and hits preview then leaves the page the module won't clean up completely after itself, because the entered_password session variable isn't cleared in this scenario.