This project is not covered by Drupal’s security advisory policy.

Drupal does not check to ensure that the user has access to view a node referenced by a custom menu item before it displays the menu item. This module searches through the {menu} table, looks for nodes, and checks to see which nodes the user is unable to view. Those nodes are added to the the menu tree with the access attribute set to FALSE, ensuring they do not appear in menus.

This was motivated by my use of the category_menu and cac_lite modules on a site I was building. Menu items which were not accessible to users in certain roles would appear even though they did not have access to them, creating usability and (minor) security problems.

Project information

Releases