Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Hi there,
I just happened to take a look at your module (it sounded interesting) and I noticed that it has two small permissions issues.
One is that there is no permissions check for the view op in recent_comments_block(), so even people without 'access comments' can view the block. The other (even smaller) issue is that there's an extraneous call to user_access() at the beginning of recent_comments_settings(). You've already got your call to user_access() in recent_comments_menu(); so while I don't think this extra call is really hurting anything, I don't think it's needed, either.
I've attached a patch that makes both changes.
Thanks!
| Comment | File | Size | Author |
|---|---|---|---|
| permissions.patch | 971 bytes | venutip |
Comments
Comment #1
todd nienkerk commentedFixed in 5.x-1.1. Thanks!