Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
Disclaimer
There is a vulnerability in this module, which was made public in the issue queue several months ago (here and here). For this reason the module is considered unfit for production sites and marked unsupported until the vulnerability has been fixed.
The module can be used safely if you are careful with configurations of views (i.e. creating no views with access restrictions so the views do not need to be protected from certain users) and configuring input formats accordingly (i.e. only trusted users have access to this module).
Drupal Security Team
Also in D7 dev version or fixed there?
Comments
Comment #1
JohnnyX CreditAttribution: JohnnyX commentedSorry, quote tag doesn't work...
insert_view seems the one and only possibility to insert a view inside a node body...
Comment #2
AlexisWilke CreditAttribution: AlexisWilke commentedNote that the warning was about version 1.x. Someone made updates and created version 2.x (for Drupal 6 & 7) and supposedly removed the security issue. The truth is that the issue is about the possibility for any user to access any view using the module and not the module itself. So if you're the only person doing edits or all are trusted, you don't take much risks anyway.
Best,
Alexis Wilke
Comment #3
JohnnyX CreditAttribution: JohnnyX commentedOk, thank's. I need views inserted into the body field at a site a maintain alone. So it should be no problem. And "insert_view" seems to be there is no other module to do this...
Also tested viewfield but view rendered inside an own field and insert it with a token doesn't work for me. I'll try insert_view soon :)
Comment #4
JohnnyX CreditAttribution: JohnnyX commentedDid a short test. Nice module! :)
Comment #5
AlexisWilke CreditAttribution: AlexisWilke commentedviewfield probably has the same security issue as insert view. I don't need it very often, but when I do I like it. It's like the InsertNode module, which I took over for Drupal 6.x. 8-)
Comment #6
JohnnyX CreditAttribution: JohnnyX commentedBut viewfield can't insert the view into the body node? Or am I wrong?
Maybe inserNode could also work for me but isn't Drupal 7 :)
insert_view should be the solution for me ;)
Comment #7
AlexisWilke CreditAttribution: AlexisWilke commentedActually I never tried viewfield. My last sentence was probably confusing... 8-)
I don't need insert_view very often...
Yes. As I mentioned, the main problem is the fact that you can display any view, including hidden ones. To avoid problems, you want to make sure that only trusted people can use the corresponding filter.
Comment #8
JohnnyX CreditAttribution: JohnnyX commentedOK, shouldn't be a problem in my case :)
Many thanks for help!
Comment #9
VM CreditAttribution: VM commented