I have added node protection to my content type Gallery with the following settings.
Content Types > Gallery > Protected Node Settings > Always Protected
Configuration > Protected Node > Per Node Password, Enable Protected Node Email Support
Then I create a gallery, add photos, set a password, and a few email addresses and click save. An email is sent to all email addresses, with the password in the email. Which is perfect!
Now when I go back and edit a Gallery page, add a few more photos and click save, the email is always sent to all email addresses, even if the password is not set when saving. Therefore my users get an email saying "your gallery has been updated", but the password section of the email is blank.
Its not a big deal when its just me doing it as I know to set a password, but it runs the risk of other admins missing the password field and sending the blank password email to all of our customers.
Am I missing something?
In the documentation, it says not setting a global password, and setting the content type to always protected should make the password field required. It does when you create a node, but not when you edit an existing node.
Comment | File | Size | Author |
---|---|---|---|
#6 | protected_node_email_sent-2251603-6.patch | 3.13 KB | Grimreaper |
#3 | protected_node_email_sent-2251603-3.patch | 3.36 KB | Grimreaper |
Comments
Comment #1
Collins405 CreditAttribution: Collins405 commentedComment #2
GrimreaperHello,
You miss nothing.
I just reproduce the bug you highlight to be sure.
Even the email fieldset's description mentions the procedure : WARNING: for an email to be sent you MUST (1) protect the node; (2) re-enter the password; (3) publish the page.
So the check for re-enter the password is not done.
I will now see the code to see the problem.
Comment #3
GrimreaperI'm back ! :)
Here is a patch that solves the problem.
I also took this occasion to make a refactoring between hook_node_update() and hook_node_insert() because, the code inside the hooks was the same !!!
I also see a part of the code about random password generation, I wonder why it is there, before the call to the function _protected_node_save().
Thanks for testing and reviewing it.
Comment #4
Collins405 CreditAttribution: Collins405 commentedThanks for the patch. That sorted the problem of emails being sent when the password field was empty.
But now, when a password is entered, and an email is sent, the password in the email is blank?
Comment #5
Collins405 CreditAttribution: Collins405 commentedJust double checked it. This patch has now stopped all passwords from being sent in emails.
Comment #6
GrimreaperThanks for testing.
Ok, now I better understand why _protected_node_save($node); was before the call to the function sending the mail.
Because its made a process which add a property to the node; $node->protected_node_clear_passwd used for the token. So now I test if it exists and it should be right.
Comment #7
Collins405 CreditAttribution: Collins405 commentedYep, that's it. Patch works perfectly.
Thanks bro.
Comment #8
izus CreditAttribution: izus commentedback to needs review status until it got merged
Comment #9
izus CreditAttribution: izus commentedmerged now.
thanks all