Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Drupal 6.17
Panels 3.7
Ctools 1.7
jQueryUI 1.3
With the above only installed on a fresh drupal install and the IPE module enabled, if a panel node has the IPE option chosen it give anonymous access to the IPE interface which lets them edit the panel content just as if they were logged in! (see attached screenshot)
Comment | File | Size | Author |
---|---|---|---|
#3 | 871730-panels-ipe-panel-node-permission.patch | 1.07 KB | merlinofchaos |
IPE.jpg | 77.6 KB | codewatson |
Comments
Comment #1
merlinofchaos CreditAttribution: merlinofchaos commentedDid you give the anonymous user the use ipe permission?
Comment #2
codewatson CreditAttribution: codewatson commentedNo, the only permission anonymous has is view content, and i dont think i see any permissions for the IPE in the first place?
Comment #3
merlinofchaos CreditAttribution: merlinofchaos commentedTry this patch.
Comment #4
codewatson CreditAttribution: codewatson commentedThat appears to have done the trick.
Comment #5
damiandab CreditAttribution: damiandab commentedthanks for the patch , it solved the problem :)
Comment #6
damiandab CreditAttribution: damiandab commented@ dwatson permissions for the IPE: panels module >> use panels in place editing
Comment #7
codewatson CreditAttribution: codewatson commentedAh, i must be blind, thanks!
Comment #8
merlinofchaos CreditAttribution: merlinofchaos commentedCommitted to -dev.
Comment #10
xtfer CreditAttribution: xtfer commentedShould this get a security update? This is a rather large security hole.