Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Hi,
I am testing this module. Thanks for building this!
A lot works, but this pages: /admin/reports/security-review/help/views/access gives 404.
greetings, Martijn
Comment | File | Size | Author |
---|---|---|---|
#8 | security_review-6.x-1.2_views_access_help.patch | 1.79 KB | Justin_KleinKeane |
Comments
Comment #1
coltraneDo you have the Views module enabled?
Comment #2
tangent CreditAttribution: tangent commentedI am also seeing this issue. There are 2 checks for which the "details" link does not work and those URLs have a different pattern from the others. I am using Views 6.x-3.x.
/admin/reports/security-review/help/security_review/admin_permissions (WORKS)
/admin/reports/security-review/help/filefield/filefield_extensions (DOES NOT WORK)
/admin/reports/security-review/help/views/access (DOES NOT WORK)
I checked to see if adding "security_review" to the URL, to match the pattern of other URLs, would work but it does not.
Looking at the code, the filefield and views checks are handled differently than other checks. Perhaps the way the checks arrays are merged is responsible. I haven't identified the fix yet though.
Comment #3
webservant316 CreditAttribution: webservant316 commentedsame problem here.
Comment #4
webservant316 CreditAttribution: webservant316 commentedI just tried /admin/reports/security-review/help/views/access as both an admin user and user 1 and both result in a 404.
Comment #5
coltrane@tangent @webservant316 can you both confirm you have the Views module installed and enabled?
Comment #6
tangent CreditAttribution: tangent commentedAs previously mentioned, I am using Views 6.x-3.x.
Comment #7
webservant316 CreditAttribution: webservant316 commentedI am using Views 6.x-2.16
Comment #8
Justin_KleinKeane CreditAttribution: Justin_KleinKeane commentedI can confirm that this error occurs even when Views and Views Access modules are enabled and installed.
It seems like there is an issue in the security_review_check_help function, mainly because when the view access help link is clicked (from ?q=admin/reports/security-review) the result it ?q=admin/reports/security-review/help/views/access, so the $module in security_review_check_help is 'views' and the $check_name is 'access'. This causes the if (function_exists) conditional to fail since 'views_security_checks' is not, in fact, a defined function. The module seems to expect that the $module will always be 'security_review', and if it is this function works just fine (even with views help). I wrote the following patch to remove the conditional and simply use the expected function: security_review_security_checks(). Patch is attached.
Comment #9
coltraneI'm having a hard time understanding this issue, sorry. It sounds straight forward but I have yet to reproduce. @Justin_KleinKeane can you roll your patch against 6.x-1.x please?
Will one of you test against 6.x-1.x dev and report if you still receive this error. Also, list of enabled modules would help, specifically I don't understand if "Views Access" is a module or if this error is occurring with just the Views module enabled.
Comment #10
coltraneI was able to replicate this with 6.x-1.2 but I cannot with 6.x-1.x-dev. I'm planning a new release of 6.x-1.x soon.
Comment #12
mr.j CreditAttribution: mr.j commentedThis is still a problem in the current release.
Comment #13
BigMike CreditAttribution: BigMike commentedAlso having this issue. v6.x-1.2.
/admin/reports/security-review/help/filefield/filefield_extensions (page not found)
/admin/reports/security-review/help/views/access (page not found)
It's going to be another month for us to finish our migration to D7 so I figured I'd revisit our security review. Found this issue, searched, figured I'd post up.
The D6 branch is probably dead anyhow. Just passing through :)
Comment #14
dsnopekThis is a duplicate of #1361640: Unable to access filefield or views reports which is included in 1.3 release! This is fixed.