authorcatch2012-05-09 04:43:25 (GMT)
committer catch2012-05-09 04:43:25 (GMT)
commit352645e4a636cadeb5576231b3547972eebdd8e5 (patch)
treec203d63436e34f595e5822a59979c38f68770d23
parentf263e898da2700e1eb1035fb67652877a27eb932 (diff)
mlhess, coltrane, xjm, and jhodgdon, penyaskito: forward port DRUPAL-SA-CORE-2012-002 - Access bypass - forum listing.
-rw-r--r--core/modules/forum/forum.module59
-rw-r--r--core/modules/forum/forum.test62
2 files changed, 97 insertions, 24 deletions
diff --git a/core/modules/forum/forum.module b/core/modules/forum/forum.module
index 07bee65..ae52bef 100644
--- a/core/modules/forum/forum.module
+++ b/core/modules/forum/forum.module
@@ -547,32 +547,43 @@ function forum_field_storage_pre_insert($entity_type, $entity, &$skip_fields) {
function forum_field_storage_pre_update($entity_type, $entity, &$skip_fields) {
$first_call = &drupal_static(__FUNCTION__, array());
- if ($entity_type == 'node' && $entity->status && _forum_node_check_node_type($entity)) {
- // We don't maintain data for old revisions, so clear all previous values
- // from the table. Since this hook runs once per field, per object, make
- // sure we only wipe values once.
- if (!isset($first_call[$entity->nid])) {
- $first_call[$entity->nid] = FALSE;
- db_delete('forum_index')->condition('nid', $entity->nid)->execute();
- }
- $query = db_insert('forum_index')->fields(array('nid', 'title', 'tid', 'sticky', 'created', 'comment_count', 'last_comment_timestamp'));
- foreach ($entity->taxonomy_forums as $language) {
- foreach ($language as $item) {
- $query->values(array(
- 'nid' => $entity->nid,
- 'title' => $entity->title,
- 'tid' => $item['tid'],
- 'sticky' => $entity->sticky,
- 'created' => $entity->created,
- 'comment_count' => 0,
- 'last_comment_timestamp' => $entity->created,
- ));
+ if ($entity_type == 'node' && _forum_node_check_node_type($entity)) {
+
+ // If the node is published, update the forum index.
+ if ($entity->status) {
+
+ // We don't maintain data for old revisions, so clear all previous values
+ // from the table. Since this hook runs once per field, per object, make
+ // sure we only wipe values once.
+ if (!isset($first_call[$entity->nid])) {
+ $first_call[$entity->nid] = FALSE;
+ db_delete('forum_index')->condition('nid', $entity->nid)->execute();
+ }
+ $query = db_insert('forum_index')->fields(array('nid', 'title', 'tid', 'sticky', 'created', 'comment_count', 'last_comment_timestamp'));
+ foreach ($entity->taxonomy_forums as $language) {
+ foreach ($language as $item) {
+ $query->values(array(
+ 'nid' => $entity->nid,
+ 'title' => $entity->title,
+ 'tid' => $item['tid'],
+ 'sticky' => $entity->sticky,
+ 'created' => $entity->created,
+ 'comment_count' => 0,
+ 'last_comment_timestamp' => $entity->created,
+ ));
+ }
}
+ $query->execute();
+ // The logic for determining last_comment_count is fairly complex, so
+ // call _forum_update_forum_index() too.
+ _forum_update_forum_index($entity->nid);
}
- $query->execute();
- // The logic for determining last_comment_count is fairly complex, so
- // call _forum_update_forum_index() too.
- _forum_update_forum_index($entity->nid);
+
+ // When a forum node is unpublished, remove it from the forum_index table.
+ else {
+ db_delete('forum_index')->condition('nid', $entity->nid)->execute();
+ }
+
}
}
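Review bot: Rows written to forum_index before this fix are not cleaned up. The new `else` branch removes a row only when an unpublished forum node is saved again, and the diffstat lists just forum.module and forum.test, so nothing in this commit purges existing entries. If this branch has installed sites, unpublished topics already in the index would presumably stay on the forum listing until each node is re-saved; a one-off update that deletes forum_index rows whose node has status 0 would close that gap. Separately, the `else` delete sits outside the `$first_call` guard and so runs once per field; this is harmless, but it could reuse `if (!isset($first_call[$entity->nid]))`. The comment placed before `else` would read better inside the branch and should state the reason, e.g. `// forum_index backs the forum listing, so an unpublished node must not keep a row here.`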
diff --git a/core/modules/forum/forum.test b/core/modules/forum/forum.test
index 135f551..9d8a9f1 100644
--- a/core/modules/forum/forum.test
+++ b/core/modules/forum/forum.test
@@ -590,3 +590,65 @@ class ForumTestCase extends DrupalWebTestCase {
}
}
}
+
+/**
+ * Tests the forum index listing.
+ */
+class ForumIndexTestCase extends DrupalWebTestCase {
+
+ public static function getInfo() {
+ return array(
+ 'name' => 'Forum index',
+ 'description' => 'Tests the forum index listing.',
+ 'group' => 'Forum',
+ );
+ }
+
+ function setUp() {
+ parent::setUp('taxonomy', 'comment', 'forum');
+
+ // Create a test user.
+ $web_user = $this->drupalCreateUser(array('create forum content', 'edit own forum content', 'edit any forum content', 'administer nodes'));
+ $this->drupalLogin($web_user);
+ }
+
+ /**
+ * Tests the forum index for published and unpublished nodes.
+ */
+ function testForumIndexStatus() {
+
+ $langcode = LANGUAGE_NOT_SPECIFIED;
+
+ // The forum ID to use.
+ $tid = 1;
+
+ // Create a test node.
+ $title = $this->randomName(20);
+ $edit = array(
+ "title" => $title,
+ "body[$langcode][0][value]" => $this->randomName(200),
+ );
+
+ // Create the forum topic, preselecting the forum ID via a URL parameter.
+ $this->drupalPost('node/add/forum/' . $tid, $edit, t('Save'));
+
+ // Check that the node exists in the database.
+ $node = $this->drupalGetNodeByTitle($title);
+ $this->assertTrue(!empty($node), 'New forum node found in database.');
+
+ // Verify that the node appears on the index.
+ $this->drupalGet('forum/' . $tid);
+ $this->assertText($title, 'Published forum topic appears on index.');
+
+ // Unpublish the node.
+ $edit = array(
+ 'status' => FALSE,
+ );
+ $this->drupalPost("node/{$node->nid}/edit", $edit, t('Save'));
+ $this->assertText(t('Access denied'), 'Unpublished node is no longer accessible.');
+
+ // Verify that the node no longer appears on the index.
+ $this->drupalGet('forum/' . $tid);
+ $this->assertNoText($title, 'Unpublished forum topic no longer appears on index.');
+ }
+}
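Review bot: testForumIndexStatus() checks the fix only through the rendered listing and only in the unpublish direction. A regression that leaves the row in forum_index, or that fails to re-index a topic when it is published again, could therefore still pass. After the unpublish step I would add a direct table check such as `$this->assertFalse(db_query('SELECT 1 FROM {forum_index} WHERE nid = :nid', array(':nid' => $node->nid))->fetchField(), 'Unpublished node removed from forum_index.');`, then re-publish the node and assert that the title is listed again. The hard-coded `$tid = 1` appears to assume that the forum created at install has that ID; a comment such as `// Assumes the default forum created on install has term ID 1.` would make that explicit.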