Anonymous users can navigate to admin/content/cck_field_privacy page
| Project: | CCK Field Privacy |
| Version: | 6.x-1.0 |
| Component: | Code |
| Category: | bug report |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | closed |
Jump to:
Hello --
This module is just what I have been searching for. I am using it in conjunction with User Relationships and it provides the privacy settings I hoped for -- however, anonymous and non-admins can navigate to the admin/content/cck_field_privacy and edit the settings there!
I am using Drupal 6 and have tried both the recommended and the dev versions of this module with the same result.
Surprisingly, they seem to work independently of each other. Please consider:
Admin and anonymous can both navigate to admin/content/cck_field_privacy page at the same time.
Admin chooses a content and then selects the fields.
Anonymous refreshes and can't see the content as chosen (all content is unchecked). Anonymous then chooses a different content and activates.
Admin refreshes and now sees Anonymous' selection instead of own previous selection.
Admin changes Anonymous' selection back to the previous choices.
Anonymous refreshes and sees there is nothing selected at all. If Anonymous chooses a selection, the process starts all over again.
Please... can you advise how to straighten this out?
Thanks so much!
#1
#2
Fixed in 6.x-1.1, per security advisory DRUPAL-SA-CONTRIB-2009-014
#3
You are awesome. Fixed perfectly. Thank you very much :-)
#4
Automatically closed -- issue fixed for 2 weeks with no activity.