summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGábor Hojtsy2011-11-23 09:55:16 (GMT)
committer Gábor Hojtsy2011-11-23 09:55:16 (GMT)
commitb3df6a3dd129172566cf629bfa6ce8d3e3a7d047 (patch)
tree89c987d20f8208ce8c48be5143c7152682e1c002
parent170419fe73d0e9dbb06db6edaea6655276810a0a (diff)
Issue #1173012 by carlos8f, Fabianx: fix poll_block() to not wrap the block list operation in permission checks which could result in block placement and configuration lost when block rehashing is run with a user lacking permissions to view content
-rw-r--r--modules/poll/poll.module34
1 files changed, 16 insertions, 18 deletions
diff --git a/modules/poll/poll.module b/modules/poll/poll.module
index a312eca..7bc5587 100644
--- a/modules/poll/poll.module
+++ b/modules/poll/poll.module
@@ -127,26 +127,24 @@ function _poll_menu_access($node, $perm, $inspect_allowvotes) {
* Generates a block containing the latest poll.
*/
function poll_block($op = 'list', $delta = 0) {
- if (user_access('access content')) {
- if ($op == 'list') {
- $blocks[0]['info'] = t('Most recent poll');
- return $blocks;
- }
- else if ($op == 'view') {
- // Retrieve the latest poll.
- $sql = db_rewrite_sql("SELECT MAX(n.created) FROM {node} n INNER JOIN {poll} p ON p.nid = n.nid WHERE n.status = 1 AND p.active = 1");
- $timestamp = db_result(db_query($sql));
- if ($timestamp) {
- $poll = node_load(array('type' => 'poll', 'created' => $timestamp, 'status' => 1));
-
- if ($poll->nid) {
- $poll = poll_view($poll, TRUE, FALSE, TRUE);
- }
+ if ($op == 'list') {
+ $blocks[0]['info'] = t('Most recent poll');
+ return $blocks;
+ }
+ else if ($op == 'view' && user_access('access content')) {
+ // Retrieve the latest poll.
+ $sql = db_rewrite_sql("SELECT MAX(n.created) FROM {node} n INNER JOIN {poll} p ON p.nid = n.nid WHERE n.status = 1 AND p.active = 1");
+ $timestamp = db_result(db_query($sql));
+ if ($timestamp) {
+ $poll = node_load(array('type' => 'poll', 'created' => $timestamp, 'status' => 1));
+
+ if ($poll->nid) {
+ $poll = poll_view($poll, TRUE, FALSE, TRUE);
}
- $block['subject'] = t('Poll');
- $block['content'] = drupal_render($poll->content);
- return $block;
}
+ $block['subject'] = t('Poll');
+ $block['content'] = drupal_render($poll->content);
+ return $block;
}
}