Active
Project:
Activism
Version:
6.x-2.0
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Issue tags:
Reporter:
Created:
27 Apr 2010 at 21:02 UTC
Updated:
30 Jun 2026 at 21:25 UTC
Jump to comment: Most recent
Notes of content type 'campaign' are viewable by anyone, even anonymous users. It looks like this is because the activism_campaign_access() function simply returns a value of TRUE if $op == 'view'. Rather than simply return a value of true, it needs to test whether the user has appropriate permissions. I put together the attached patch using some code adapted from the node module's node_access() function.
| Comment | File | Size | Author |
|---|---|---|---|
| activism.patch.txt | 1.61 KB | sheldon rampton |
Comments
Comment #1
drummThere are no supported releases of this project, so security issues may be public.