The Drupal 7 version of file cleantalk.module includes code to check if the user submitting a form, comment etc. is a logged-in administrator. It does this by checking if the string value "administrator" appears in the array of user roles. The issue is that Drupal allows administrators to change the name of this role, and so the check can fail. A more reliable check is to see if the user role array has a value set for key 3.
I don't think this a problem for Drupal 8 because it appears that the value of the key for the administrator role is in fact "administrator", and Drupal 8 appears to have an isAdmin() function that's probably a better check anyway.
https://www.drupal.org/node/1619504
https://api.drupal.org/api/drupal/core%21modules%21user%21src%21RoleInte...
Patch attached for 7.x.
Comment | File | Size | Author |
---|---|---|---|
#2 | ct-admin-test-2947476-2.patch | 1.37 KB | sah62 |
ct-admin-test-1-.patch | 1.37 KB | sah62 |
Comments
Comment #2
sah62 CreditAttribution: sah62 commentedSigh, missing ")" in the first patch file. Here's a fixed version.
Comment #3
Serge-M CreditAttribution: Serge-M commentedHello.
Thank you for pointing this out.
We will fix this issue in 1-2 working day.
Best regards.
Comment #4
znaeff CreditAttribution: znaeff commentedThank you for your patch. This fixes will be included on the next stable release.