Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The 6.x-3.13 is introducing a bug when checking permission on older revisions.
elseif (!$denied && $revision_node = node_load($content['nid'], $revision_id) && _node_revision_access($revision_node, 'view')) {
// You have access to the node as well as that particular revision.
$revision_access = TRUE;
}
The middle clause with the value assignment needs to be wrapped in parenthese due to operator precendency.
Comment | File | Size | Author |
---|---|---|---|
#1 | non-current-revision-access-check-fix-2308915-1.patch | 709 bytes | nagba |
Comments
Comment #1
nagba CreditAttribution: nagba commentedthis should fix the access check
Comment #2
gnindl CreditAttribution: gnindl commentedWorks for me using revisioning module.
Indeed $revision_node is NULL and node_load() is never executed.
Comment #3
pwolanin CreditAttribution: pwolanin as a volunteer and at Acquia commentedFix looks duplicate to part of this #2305969: "Referencing to the file used in the field is not allowed" error after 6.x-3.13 security update
Can you please check?
Comment #4
nagba CreditAttribution: nagba commentedSure it is. We can close this in favor of that one. Seem to have gotten more attention.
Comment #5
nagba CreditAttribution: nagba commented