The functionality introduced by the patch discussed in this thread is not working in 4.7 Head. This means that the following sequence will result in data loss:
Alice opens a node for editing
Bob opens the same node for editing
Bob saves his changes
Alice saves her changes to the node, overwriting Bob's changes
When Alice tries to save her edits, she should be presented with this error message from line 1581 of node.module:
form_set_error('changed', t('This content has been modified by another user; changes cannot be saved.'));
I've set priority normal, as any data loss should be recoverable through the revisions system. Please clue me if this is not appropriate.
My environment:
Drupal: 4.70 Head (CVS)
node.module: 1.603
PHP: 5.1
MySQL: 5.0.18-max (non-strict mode)
OS: Mac OS X 10.4
Comment | File | Size | Author |
---|---|---|---|
#3 | node_edit_protect.patch | 1.49 KB | hunmonk |
Comments
Comment #1
Egon Bianchet CreditAttribution: Egon Bianchet commentedComment #2
hunmonk CreditAttribution: hunmonk commentedthis is still a problem in current HEAD.
Comment #3
hunmonk CreditAttribution: hunmonk commented$node->changed was being passed internally as a value, per the FAPI conversion. this breaks this functionality. so two things need to happen to fix this:
i know using $_POST is frowned upon, but i think it's warranted in this case, as we're merely peeking at it for data, and not saving that data anywhere.
attached patch has been tested as functioning, and corrects the problem.
Comment #4
hunmonk CreditAttribution: hunmonk commentedComment #5
chx CreditAttribution: chx commentedrule of $_POST is: use it to compare but never display or store it. This is kept.
As you are using
#value
and not#default_value
even if the user changes to something foul the hidden field, there is no harm because the actual value of the form can't change. Though it'll show in $_POST and you compare against that. So far, so good.Restores lost functionality without the mere possibility of boring sechole. RTBC.
Comment #6
Gerhard Killesreiter CreditAttribution: Gerhard Killesreiter commentedapplied to 4.7
Comment #7
drummCommitted to HEAD.
Comment #8
(not verified) CreditAttribution: commented