I follow the instructions on the module main page. Step number 4 says Set the default value of that argument to "Node ID from URL". Then Views UI says also Action to take if argument is not present.

Is there a possible that malicious user provide (via URL or POST) some value of this argument overriding the default value? If so, this could be issue for me.

Thanks for your time and help.

Comments

mki’s picture

mki commented
Project: Views attach » Views (for Drupal 7)

This issue (support request) was intended for Views Attach module, but I decided that it more belongs to Views. Any help?

dawehner’s picture

dawehner
Primary language German
commented

I think not. This uses the drupal internal method arg(), which uses node/123 as path.

merlinofchaos’s picture

merlinofchaos commented
Status: Active » Fixed

Plus, it ensures that the value is numeric and loads a node. There's nothing a user can enter there that will cause anything other than not viewing a node.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.