It appears to me that Nodes submitted by users without "Administer Nodes" permission are ignoring at least some of the node "Default Options" found on the node specific pages under "admin/node/configure/types".

For instance, for "Promote to Front Page" -- in my testing, content that should not be promoted by default is being promoted anyway. I have tested with several node types including Blog, Page, and Image.

This has been reproduced on a clean install of HEAD. Users who lack the permission "Administer Nodes" are affected.

Comment | File | Size | Author
#1 | node_validate_type_fix.patch | 627 bytes | grohk

Comments

grohk:

Assigned: Unassigned » grohk
Priority: Normal » Critical

With the help of chx on the #drupal-support IRC channel, we seem to have found this bug.

The first appearance of $edit in the node_validate function is:

$node_options = variable_get('node_options_'. $edit->type, array('status', 'promote'));

$edit->type should be $node->type. A tested patch is attached.
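
An added illustration, not part of the thread and not Drupal's own code: a self-contained PHP sketch of why the quoted line falls back to array('status', 'promote') when $edit is undefined, next to the corrected lookup. The variable_get() here is a minimal stand-in, the helper names node_options_before/node_options_after are hypothetical, and the stored 'node_options_blog' value is constructed for the demo.

```php
<?php
// Stand-in for the settings store; this value is constructed for the demo.
// The admin has configured Blog nodes as "published, not promoted".
$conf = array('node_options_blog' => array('status'));

// Minimal stand-in for variable_get($name, $default):
// return the stored value if one exists, otherwise the supplied default.
function variable_get($name, $default) {
  global $conf;
  return isset($conf[$name]) ? $conf[$name] : $default;
}

// Before the fix (hypothetical helper name): $edit does not exist in this
// scope, so $edit->type evaluates to NULL, the key collapses to
// 'node_options_', nothing is stored under it, and the default is returned.
function node_options_before($node) {
  return variable_get('node_options_' . @$edit->type, array('status', 'promote'));
}

// After the fix (hypothetical helper name): the key is built from the node
// being validated, so the per-type setting is found.
function node_options_after($node) {
  return variable_get('node_options_' . $node->type, array('status', 'promote'));
}

// Constructed sample node, as submitted by a user who cannot override options.
$node = new stdClass();
$node->type = 'blog';

$cases = array('before' => 'node_options_before', 'after' => 'node_options_after');
foreach ($cases as $label => $fn) {
  $options = $fn($node);
  printf("%-6s promote=%s options=[%s]\n", $label,
    in_array('promote', $options) ? 'yes' : 'no', implode(', ', $options));
}
```

The @ operator only silences the undefined-variable warning that PHP raises for $edit; with warnings visible, that message is the quickest way to spot this class of bug in a log.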

Steven:

Applied to CVS/HEAD.
