Steps to reproduce:

  1. Author creates a new node and sets it to "Needs Review".
  2. Editor clicks "View draft" on the node and begins to read.
  3. While Editor is reading, Author edits the draft and saves his new revision without changing the moderation state.
  4. Editor finishes reading the (now non-current) revision, finds it acceptable, and uses the moderation form in the moderation messages to change the state to Published.

Expected result:
Editor should receive an error telling him that the version he tried to publish is no longer the current revision. Or, alternatively, the version that Editor was viewing becomes published, and the newer version submitted by Author becomes the current draft awaiting review.

Actual result:
The newer revision submitted by Author becomes the published revision, without Editor ever having seen the new changes. Thus, it may be possible for unreviewed changes to make it to the live site.

CommentFileSizeAuthor
#1 moderate_form_validate-1127722.patch2.14 KBmuriqui
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

muriqui’s picture

muriqui CreditAttribution: muriqui commented
Status: Active » Needs review
FileSize
moderate_form_validate-1127722.patch2.14 KB

I think I've fixed it by adding a validate function for the moderate form to re-check the current revision.

Cyclodex’s picture

Cyclodex CreditAttribution: Cyclodex commented

subscribing

please read also my comment on the issue here : #1127734: Add option to block creation of new drafts based on moderation state

Taxoman’s picture

Taxoman CreditAttribution: Taxoman commented
Priority: Normal » Major
becw’s picture

becw CreditAttribution: becw commented
Status: Needs review » Fixed

Good catch, and thanks for the patch! Committed in e78dc. (I did review it beforehand :)

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.