-rw-r--r-- | CHANGELOG.txt | 3 | ||||
-rw-r--r-- | includes/bootstrap.inc | 2 | ||||
-rw-r--r-- | modules/comment/comment.module | 6 | ||||
-rw-r--r-- | modules/file/tests/file.test | 13 |
4 files changed, 21 insertions, 3 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 2522289d6..3f953cef2 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,6 +1,7 @@
-Drupal 7.5-dev, xxxx-xx-xx (development version)
+Drupal 7.5, 2011-07-27
 ----------------------
+- Fixed security issue (Access bypass), see SA-CORE-2011-003.
 
 Drupal 7.4, 2011-06-29
 ----------------------
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 603431176..e9837da30 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -8,7 +8,7 @@
 /**
 * The current system version.
 */
-define('VERSION', '7.5-dev');
+define('VERSION', '7.5');
 
 /**
 * Core API compatibility.
diff --git a/modules/comment/comment.module b/modules/comment/comment.module
index 393318a21..c17c5a6be 100644
--- a/modules/comment/comment.module
+++ b/modules/comment/comment.module
@@ -2688,6 +2688,10 @@ function comment_rdf_mapping() {
 */
 function comment_file_download_access($field, $entity_type, $entity) {
 if ($entity_type == 'comment') {
- return user_access('access comments') && $entity->status == COMMENT_PUBLISHED || user_access('administer comments');
+ if (user_access('access comments') && $entity->status == COMMENT_PUBLISHED || user_access('administer comments')) {
+ $node = node_load($entity->nid);
+ return node_access('view', $node);
+ }
+ return FALSE;
 }
 }
diff --git a/modules/file/tests/file.test b/modules/file/tests/file.test
index d3d79bf9d..0e5f97d84 100644
--- a/modules/file/tests/file.test
+++ b/modules/file/tests/file.test
@@ -540,6 +540,7 @@ class FileFieldWidgetTestCase extends FileFieldTestCase {
 'title' => $this->randomName(),
 );
 $this->drupalPost('node/add/article', $edit, t('Save'));
+ $node = $this->drupalGetNodeByTitle($edit['title']);
 
 // Add a comment with a file.
 $text_file = $this->getTestFile('text');
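Review bot: In the comment.module hunk, node_access('view', $node) is handed whatever node_load($entity->nid) returns, so a comment whose parent node no longer exists reaches the access check with `$node === FALSE`, and the deny then rests on node_access() rejecting a non-object rather than on this function itself. An explicit guard keeps that decision local and readable: `$node = node_load($entity->nid);` / `if (!$node) { return FALSE; }` / `return node_access('view', $node);`. The mixed `&&`/`||` condition also leans on operator precedence; wrapping the `user_access('access comments') && $entity->status == COMMENT_PUBLISHED` part in parentheses would make the 'administer comments' bypass explicit to the next reader. A one-line comment before the node_load() call, such as `// An attachment on a comment is only downloadable if the parent node is viewable.`, would record why node access is consulted in a comment hook.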
@@ -569,6 +570,18 @@ class FileFieldWidgetTestCase extends FileFieldTestCase {
 $this->drupalLogout();
 $this->drupalGet(file_create_url($comment_file->uri));
 $this->assertResponse(403, t('Confirmed that access is denied for the file without the needed permission.'));
+
+ // Unpublishes node.
+ $this->drupalLogin($this->admin_user);
+ $edit = array(
+ 'status' => FALSE,
+ );
+ $this->drupalPost('node/' . $node->nid . '/edit', $edit, t('Save'));
+
+ // Ensures normal user can no longer download the file.
+ $this->drupalLogin($user);
+ $this->drupalGet(file_create_url($comment_file->uri));
+ $this->assertResponse(403, t('Confirmed that access is denied for the file without the needed permission.'));
 }
 } |
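Review bot: The final assertResponse() reuses the message from the earlier permission check, `t('Confirmed that access is denied for the file without the needed permission.')`, although what it verifies is denial after the parent node was unpublished, so a failing run would report the wrong cause; change it to `t('Confirmed that access is denied for the file once the node is unpublished.')`. The hunk only pins the negative case; asserting that `$this->admin_user` can still fetch `file_create_url($comment_file->uri)` after the unpublish would also lock in the 'administer comments' branch, assuming that account holds the node permissions needed to view unpublished content. `$user` and `$comment_file` are assigned earlier in the method, outside this hunk, so I take `$user` to be the non-admin account exercised above.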