Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
When running the security review (www.drupal.org/project/security_review) a few webform views do not pass the test. It seems the master views do not provide any access checks.
These are
- admin/structure/views/view/webform_analysis/edit/default
- admin/structure/views/view/webform_results/edit/default
- admin/structure/views/view/webform_submissions/edit/default
- admin/structure/views/view/webform_webforms/edit/default
Comments
Comment #1
DanChadwick CreditAttribution: DanChadwick commentedFirst, if you actually think webform has a security issue, open a security issue. Do NOT open an issue in the regular issue queue.
Second, access is provided by the menu system, not the views, so there is no issue with them to my knowledge. Just because a code review module sees code that matches a pattern doesn't make it an issue.
Comment #2
malcomio CreditAttribution: malcomio at Capgemini commentedSeems to be a duplicate of #2499029: Add Default Views access control