nodeaccess_userreference 7.x-3.10

Security update

When an author has created content containing a user reference field (with author update/delete grants enabled) and the author's user account is later deleted, content created by them can be edited by anonymous users.

This release fixes this issue.
SA-CONTRIB-2013-049 - Node access user reference - Access Bypass

nodeaccess_userreference 6.x-3.5

Security update

When an author has created content containing a user reference field (with author update/delete grants enabled) and the author's user account is later deleted, content created by them can be edited by anonymous users.

This release fixes this issue.

SA-CONTRIB-2013-049 - Node access user reference - Access Bypass

nodeaccess_userreference 7.x-3.9

New features
Bug fixes
Insecure

Issue #1619636 by johnv, danielb: Cumulative settings improvements and fixes.
Issue #1652392 by danielb: Settings updates.
Issue #1652392 by danielb: Priority handling update.
Issue #1619636 by danielb, john: / assignment update.
Info file description update.
Issue #1668720 by danielb: Supporting node object in hook_node_access() when op is create.
Issue #1684246 by danielb: New settings not saved.
Issue #1689886 by danielb: Undefined index when adding new field.

nodeaccess_userreference 7.x-3.8

Bug fixes
Insecure

Issue #1595144 by danielb: Undefined index: referenced (related)

nodeaccess_userreference 6.x-3.4

Bug fixes
Insecure

Issue #1407120 by danielb, Reinette: Module mistakenly sets grants when it shouldn't.

nodeaccess_userreference 7.x-3.7

New features
Bug fixes
Insecure

Issue #1294580 by danielb: Add setting for published/unpublished distinction.
Issue #1307094 by pfrenssen: File permissions.
Updated readme file.
Issue #1432812 by danielb: Add support for Entity Reference module.
Issue #1561014 by -morbiD-: Create grant not given to referenced users.
Issue #1506552 by danielb: Imported content types support.
Issue #1506552 by danielb: Imported content types support.
Streamlined some processes.
Issue #1568186 by danielb: Removed node_load_multiple for a simple query.

nodeaccess_userreference 6.x-2.0-beta2

New features
Bug fixes
Insecure

A few changes to the way the module works. Not compatible with previous versions.

Pages

Subscribe with RSS Subscribe to Releases for Node access user reference