mlhess, coltrane, xjm, and jhodgdon, penyaskito: forward port DRUPAL-SA-CORE-2012-002 - Access bypass - forum listing.
parent
f263e898da
commit
352645e4a6
|
@ -547,32 +547,43 @@ function forum_field_storage_pre_insert($entity_type, $entity, &$skip_fields) {
|
||||||
function forum_field_storage_pre_update($entity_type, $entity, &$skip_fields) {
|
function forum_field_storage_pre_update($entity_type, $entity, &$skip_fields) {
|
||||||
$first_call = &drupal_static(__FUNCTION__, array());
|
$first_call = &drupal_static(__FUNCTION__, array());
|
||||||
|
|
||||||
if ($entity_type == 'node' && $entity->status && _forum_node_check_node_type($entity)) {
|
if ($entity_type == 'node' && _forum_node_check_node_type($entity)) {
|
||||||
// We don't maintain data for old revisions, so clear all previous values
|
|
||||||
// from the table. Since this hook runs once per field, per object, make
|
// If the node is published, update the forum index.
|
||||||
// sure we only wipe values once.
|
if ($entity->status) {
|
||||||
if (!isset($first_call[$entity->nid])) {
|
|
||||||
$first_call[$entity->nid] = FALSE;
|
// We don't maintain data for old revisions, so clear all previous values
|
||||||
|
// from the table. Since this hook runs once per field, per object, make
|
||||||
|
// sure we only wipe values once.
|
||||||
|
if (!isset($first_call[$entity->nid])) {
|
||||||
|
$first_call[$entity->nid] = FALSE;
|
||||||
|
db_delete('forum_index')->condition('nid', $entity->nid)->execute();
|
||||||
|
}
|
||||||
|
$query = db_insert('forum_index')->fields(array('nid', 'title', 'tid', 'sticky', 'created', 'comment_count', 'last_comment_timestamp'));
|
||||||
|
foreach ($entity->taxonomy_forums as $language) {
|
||||||
|
foreach ($language as $item) {
|
||||||
|
$query->values(array(
|
||||||
|
'nid' => $entity->nid,
|
||||||
|
'title' => $entity->title,
|
||||||
|
'tid' => $item['tid'],
|
||||||
|
'sticky' => $entity->sticky,
|
||||||
|
'created' => $entity->created,
|
||||||
|
'comment_count' => 0,
|
||||||
|
'last_comment_timestamp' => $entity->created,
|
||||||
|
));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$query->execute();
|
||||||
|
// The logic for determining last_comment_count is fairly complex, so
|
||||||
|
// call _forum_update_forum_index() too.
|
||||||
|
_forum_update_forum_index($entity->nid);
|
||||||
|
}
|
||||||
|
|
||||||
|
// When a forum node is unpublished, remove it from the forum_index table.
|
||||||
|
else {
|
||||||
db_delete('forum_index')->condition('nid', $entity->nid)->execute();
|
db_delete('forum_index')->condition('nid', $entity->nid)->execute();
|
||||||
}
|
}
|
||||||
$query = db_insert('forum_index')->fields(array('nid', 'title', 'tid', 'sticky', 'created', 'comment_count', 'last_comment_timestamp'));
|
|
||||||
foreach ($entity->taxonomy_forums as $language) {
|
|
||||||
foreach ($language as $item) {
|
|
||||||
$query->values(array(
|
|
||||||
'nid' => $entity->nid,
|
|
||||||
'title' => $entity->title,
|
|
||||||
'tid' => $item['tid'],
|
|
||||||
'sticky' => $entity->sticky,
|
|
||||||
'created' => $entity->created,
|
|
||||||
'comment_count' => 0,
|
|
||||||
'last_comment_timestamp' => $entity->created,
|
|
||||||
));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
$query->execute();
|
|
||||||
// The logic for determining last_comment_count is fairly complex, so
|
|
||||||
// call _forum_update_forum_index() too.
|
|
||||||
_forum_update_forum_index($entity->nid);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
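Review bot: Rows already in forum_index for topics that were unpublished before this change are not removed by the new `else` branch in forum_field_storage_pre_update(), because that branch only runs the next time such a node is saved. The forum listing appears to read from forum_index (the test added in this commit relies on that), so on upgraded sites those stale rows would keep exposing unpublished topic titles unless a part of the commit not visible here purges them. Consider a one-time update that deletes forum_index rows whose node has status 0, and add a comment above the status check such as `// forum_index feeds the forum listing, so it must never hold rows for unpublished nodes.` The hunk header also shows forum_field_storage_pre_insert() directly above; its body is outside this hunk, so confirm it applies the same status check.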
@ -590,3 +590,65 @@ class ForumTestCase extends DrupalWebTestCase {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Tests the forum index listing.
|
||||||
|
*/
|
||||||
|
class ForumIndexTestCase extends DrupalWebTestCase {
|
||||||
|
|
||||||
|
public static function getInfo() {
|
||||||
|
return array(
|
||||||
|
'name' => 'Forum index',
|
||||||
|
'description' => 'Tests the forum index listing.',
|
||||||
|
'group' => 'Forum',
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
function setUp() {
|
||||||
|
parent::setUp('taxonomy', 'comment', 'forum');
|
||||||
|
|
||||||
|
// Create a test user.
|
||||||
|
$web_user = $this->drupalCreateUser(array('create forum content', 'edit own forum content', 'edit any forum content', 'administer nodes'));
|
||||||
|
$this->drupalLogin($web_user);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Tests the forum index for published and unpublished nodes.
|
||||||
|
*/
|
||||||
|
function testForumIndexStatus() {
|
||||||
|
|
||||||
|
$langcode = LANGUAGE_NOT_SPECIFIED;
|
||||||
|
|
||||||
|
// The forum ID to use.
|
||||||
|
$tid = 1;
|
||||||
|
|
||||||
|
// Create a test node.
|
||||||
|
$title = $this->randomName(20);
|
||||||
|
$edit = array(
|
||||||
|
"title" => $title,
|
||||||
|
"body[$langcode][0][value]" => $this->randomName(200),
|
||||||
|
);
|
||||||
|
|
||||||
|
// Create the forum topic, preselecting the forum ID via a URL parameter.
|
||||||
|
$this->drupalPost('node/add/forum/' . $tid, $edit, t('Save'));
|
||||||
|
|
||||||
|
// Check that the node exists in the database.
|
||||||
|
$node = $this->drupalGetNodeByTitle($title);
|
||||||
|
$this->assertTrue(!empty($node), 'New forum node found in database.');
|
||||||
|
|
||||||
|
// Verify that the node appears on the index.
|
||||||
|
$this->drupalGet('forum/' . $tid);
|
||||||
|
$this->assertText($title, 'Published forum topic appears on index.');
|
||||||
|
|
||||||
|
// Unpublish the node.
|
||||||
|
$edit = array(
|
||||||
|
'status' => FALSE,
|
||||||
|
);
|
||||||
|
$this->drupalPost("node/{$node->nid}/edit", $edit, t('Save'));
|
||||||
|
$this->assertText(t('Access denied'), 'Unpublished node is no longer accessible.');
|
||||||
|
|
||||||
|
// Verify that the node no longer appears on the index.
|
||||||
|
$this->drupalGet('forum/' . $tid);
|
||||||
|
$this->assertNoText($title, 'Unpublished forum topic no longer appears on index.');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
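Review bot: testForumIndexStatus() checks the listing only through rendered page text and only in the unpublish direction, so the published branch of the update hook is never exercised after a status change. After the final assertNoText(), a direct check on the table would pin the invariant independently of theming, e.g. `$this->assertFalse(db_query('SELECT 1 FROM {forum_index} WHERE nid = :nid', array(':nid' => $node->nid))->fetchField(), 'No forum_index rows for unpublished topic.');`. Re-publishing the node and asserting that the title reappears on the forum page would also cover the re-index path. The hard-coded `$tid = 1` presumably relies on a forum term created at install; a short comment saying so would make that dependency explicit.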