Node revision access check is broken

The 6.x-3.13 is introducing a bug when checking permission on older revisions.

        elseif (!$denied && $revision_node = node_load($content['nid'], $revision_id) && _node_revision_access($revision_node, 'view')) {
          // You have access to the node as well as that particular revision.
          $revision_access = TRUE;
        }

The middle clause with the value assignment needs to be wrapped in parenthese due to operator precendency.

Comment	File	Size	Author
#1	non-current-revision-access-check-fix-2308915-1.patch	709 bytes	nagba

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

nagba CreditAttribution: nagba commented 24 July 2014 at 09:32

Status:

Active

» Needs review

File	Size
non-current-revision-access-check-fix-2308915-1.patch	709 bytes

this should fix the access check

Log in or register to post comments

gnindl’s picture

Comment #2

gnindl CreditAttribution: gnindl commented 15 September 2014 at 14:06

Priority:	Normal	» Major
Status:	Needs review	» Reviewed & tested by the community

Works for me using revisioning module.

Indeed $revision_node is NULL and node_load() is never executed.

Log in or register to post comments

pwolanin’s picture

Comment #3

pwolanin CreditAttribution: pwolanin as a volunteer and at Acquia commented 21 August 2015 at 15:24

Fix looks duplicate to part of this #2305969: "Referencing to the file used in the field is not allowed" error after 6.x-3.13 security update

Can you please check?

Log in or register to post comments

Comment #4

nagba CreditAttribution: nagba commented 2 September 2015 at 06:42

Sure it is. We can close this in favor of that one. Seem to have gotten more attention.

Log in or register to post comments

Comment #5

nagba CreditAttribution: nagba commented 2 September 2015 at 06:42

Status:

Reviewed & tested by the community

» Closed (duplicate)

Log in or register to post comments