Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Hello
Here is a patch that preserves the content_lock_token query string parameter between form posts in order to support content_lock module.
Without the patch, content_lock refuses to create a lock, so that can prevent a CSRF attack. As a result user is been asked to manually lock the node.
By the way, I am not sure if save_edit should preserve all Request variables and not only the “destination”
Comment | File | Size | Author |
---|---|---|---|
#10 | save_edit-support_for_content_lock-2358523-10.patch | 1.72 KB | stefanos.petrakis@gmail.com |
#2 | save_edit-2358523.patch | 1.49 KB | ericpinxteren |
#1 | save_edit-2358523.patch | 1.5 KB | ericpinxteren |
patch.txt | 1.9 KB | cpsarros |
Comments
Comment #1
ericpinxteren CreditAttribution: ericpinxteren commentedFix path of patch.
Apply coding standard.
Comment #2
ericpinxteren CreditAttribution: ericpinxteren commentedFix url query.
Comment #3
ericpinxteren CreditAttribution: ericpinxteren commentedComment #4
melvinlouwerse CreditAttribution: melvinlouwerse commentedThis patch is an extention of the previous patch.
It adds:
* check if the content lock module is enabled (if not we dont need to add the token)
* When no token is present create a new one so a new node will also be locked. (previously only updates on an existing node would get a lock)
Comment #5
mroest CreditAttribution: mroest commentedpatch from @melvinlouwerse works for me!
Comment #6
stefanos.petrakis@gmail.comSame here, this works for me too.
I will set this to "RTBC".
Comment #7
NitinSP CreditAttribution: NitinSP at Cognizant Technology Solutions commentedComment #8
NitinSP CreditAttribution: NitinSP at Cognizant Technology Solutions commentedComment #9
NitinSP CreditAttribution: NitinSP at Cognizant Technology Solutions commentedComment #10
stefanos.petrakis@gmail.comRerolled against latest dev