When saving a password, there is no check for whether the password has changed or not. A variable is created, but it is not checked.

What sometimes happens is that the function _protected_node_save() is called twice during a node save, and without the check, the saved hash is a hash of the hash of the entered password.

The attached patch corrects this.

CommentFileSizeAuthor
protected_node-check_for_changed_password.patch1.53 KBoadaeh
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Grimreaper’s picture

Grimreaper
Primary language French
Location France 🇫🇷
CreditAttribution: Grimreaper commented

Hello,

Izus (the new co-maintener) asked me if I could help with the issues.

I discovered this module between yesterday and today so I could not see some problem (bug or feature problem).

I just have tested your patch and it's ok for me.

My test case :
- per node protection
- an article protected by a password
- I check that the hash of the password correspond to the hash in the database.
- I change the password
- I check that the hash of the password correspond to the hash in the database.
- ok

I change the status to tested and reviewed by the community.

Edit : I forget to mention that I had a difficulty to apply your patch (with eclipse) so I edit the file manually.

Grimreaper’s picture

Grimreaper
Primary language French
Location France 🇫🇷
CreditAttribution: Grimreaper commented
Issue summary: View changes
Status: Needs review » Reviewed & tested by the community
izus’s picture

izus CreditAttribution: izus commented

seems weird :
i can't really reproduce the bug with the last codebase. can you please give steps to reproduce it ?

izus’s picture

izus CreditAttribution: izus commented
Status: Reviewed & tested by the community » Postponed (maintainer needs more info)
Grimreaper’s picture

Grimreaper
Primary language French
Location France 🇫🇷
CreditAttribution: Grimreaper commented

Hello,

I just tried to reproduce the problem with the last codebase, I don't have problem.

I also try using with the revisions enabled (https://drupal.org/node/1559162), also no problem.

Sorry, can we have the steps to reproduce it ?

oadaeh’s picture

oadaeh CreditAttribution: oadaeh commented

Sorry for the delay on this. I've been really busy lately. I will get it done soon. Thank you for your patience.

izus’s picture

izus CreditAttribution: izus commented
Status: Postponed (maintainer needs more info) » Fixed

this was merged as part of #1923622: Support Webform
Thanks

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.