Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
When saving a password, there is no check for whether the password has changed or not. A variable is created, but it is not checked.
What sometimes happens is that the function _protected_node_save() is called twice during a node save, and without the check, the saved hash is a hash of the hash of the entered password.
The attached patch corrects this.
Comment | File | Size | Author |
---|---|---|---|
protected_node-check_for_changed_password.patch | 1.53 KB | oadaeh | |
Comments
Comment #1
GrimreaperHello,
Izus (the new co-maintener) asked me if I could help with the issues.
I discovered this module between yesterday and today so I could not see some problem (bug or feature problem).
I just have tested your patch and it's ok for me.
My test case :
- per node protection
- an article protected by a password
- I check that the hash of the password correspond to the hash in the database.
- I change the password
- I check that the hash of the password correspond to the hash in the database.
- ok
I change the status to tested and reviewed by the community.
Edit : I forget to mention that I had a difficulty to apply your patch (with eclipse) so I edit the file manually.
Comment #2
GrimreaperComment #3
izus CreditAttribution: izus commentedseems weird :
i can't really reproduce the bug with the last codebase. can you please give steps to reproduce it ?
Comment #4
izus CreditAttribution: izus commentedComment #5
GrimreaperHello,
I just tried to reproduce the problem with the last codebase, I don't have problem.
I also try using with the revisions enabled (https://drupal.org/node/1559162), also no problem.
Sorry, can we have the steps to reproduce it ?
Comment #6
oadaeh CreditAttribution: oadaeh commentedSorry for the delay on this. I've been really busy lately. I will get it done soon. Thank you for your patience.
Comment #7
izus CreditAttribution: izus commentedthis was merged as part of #1923622: Support Webform
Thanks