Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The addition of $cond into queries is not great since none of the strings inside the condition are being filtered. The risk is reduced by the nature of node machine names, but it would be ideal to do more filtering.
There's also no node_access in the D7 version. Since this module doesn't show data from the nodes, that's OK, but it could lead to situations where someone clicks "next" and gets nothing.
Comment | File | Size | Author |
---|---|---|---|
#1 | 1736592_filtering_access.patch | 1.5 KB | greggles |
Comments
Comment #1
gregglesThis fixes one of the queries as an example and is totally untested.