Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Unpublish tab does not remove items from taxonomy_index table. This means that unauthorised users may view unpublished content via any taxonomy term page which correctly included that page when it was published.
I have set up a clean minimal test site and confirmed that this bug is not restricted to the mature site where I (or rather Google) first discovered it.
Comments
Comment #1
AaronBaumanThe publish/unpublish action calls node_save(), which in turn calls taxonomy_delete_node_index() and taxonomy_build_node_index() that maintain this table.
So, in theory, this bug should not exist.
Any further information or patches would be welcome.
Comment #2
Simon Georges CreditAttribution: Simon Georges commentedComment #3
johnennew CreditAttribution: johnennew commentedClosing old issue
Comment #3.0
johnennew CreditAttribution: johnennew commentedRevised for great clarity.