summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorwebchick2011-07-27 13:19:38 -0700
committerwebchick2011-07-27 13:19:38 -0700
commit1f124bf1accbad60b31a463ff59232d2f5626100 (patch)
treee8e899b5f9a2ea559982fd6b5db7302e428c198f
parentbdc2373eabb8729931032c007600ca69ab1c997f (diff)
parenteabb023933ac83947e5d238c4a83b1f5bdbcc738 (diff)
Merge branch '7.4-security' into 7.x7.6
-rw-r--r--CHANGELOG.txt3
-rw-r--r--includes/bootstrap.inc2
-rw-r--r--modules/comment/comment.module6
-rw-r--r--modules/file/tests/file.test13
4 files changed, 21 insertions, 3 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 2522289..3f953ce 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,6 +1,7 @@
-Drupal 7.5-dev, xxxx-xx-xx (development version)
+Drupal 7.5, 2011-07-27
----------------------
+- Fixed security issue (Access bypass), see SA-CORE-2011-003.
Drupal 7.4, 2011-06-29
----------------------
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 6034311..e9837da 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -8,7 +8,7 @@
/**
* The current system version.
*/
-define('VERSION', '7.5-dev');
+define('VERSION', '7.5');
/**
* Core API compatibility.
diff --git a/modules/comment/comment.module b/modules/comment/comment.module
index 393318a..c17c5a6 100644
--- a/modules/comment/comment.module
+++ b/modules/comment/comment.module
@@ -2688,6 +2688,10 @@ function comment_rdf_mapping() {
*/
function comment_file_download_access($field, $entity_type, $entity) {
if ($entity_type == 'comment') {
- return user_access('access comments') && $entity->status == COMMENT_PUBLISHED || user_access('administer comments');
+ if (user_access('access comments') && $entity->status == COMMENT_PUBLISHED || user_access('administer comments')) {
+ $node = node_load($entity->nid);
+ return node_access('view', $node);
+ }
+ return FALSE;
}
}
diff --git a/modules/file/tests/file.test b/modules/file/tests/file.test
index d3d79bf..0e5f97d 100644
--- a/modules/file/tests/file.test
+++ b/modules/file/tests/file.test
@@ -540,6 +540,7 @@ class FileFieldWidgetTestCase extends FileFieldTestCase {
'title' => $this->randomName(),
);
$this->drupalPost('node/add/article', $edit, t('Save'));
+ $node = $this->drupalGetNodeByTitle($edit['title']);
// Add a comment with a file.
$text_file = $this->getTestFile('text');
@@ -569,6 +570,18 @@ class FileFieldWidgetTestCase extends FileFieldTestCase {
$this->drupalLogout();
$this->drupalGet(file_create_url($comment_file->uri));
$this->assertResponse(403, t('Confirmed that access is denied for the file without the needed permission.'));
+
+ // Unpublishes node.
+ $this->drupalLogin($this->admin_user);
+ $edit = array(
+ 'status' => FALSE,
+ );
+ $this->drupalPost('node/' . $node->nid . '/edit', $edit, t('Save'));
+
+ // Ensures normal user can no longer download the file.
+ $this->drupalLogin($user);
+ $this->drupalGet(file_create_url($comment_file->uri));
+ $this->assertResponse(403, t('Confirmed that access is denied for the file without the needed permission.'));
}
}