Context vulnerability upgrade needed to context 2.0rc4

resveld's picture

Just looking at my modules and it seemed that context was doomed :(
As seen in this post http://groups.drupal.org/node/60313, we cannot normally upgrade the module as it's patched.

I just repatched the 2.0rc4 and it works without a problem :)

Here's how I did it.
Download the new context 2.0rc4 from http://ftp.drupal.org/files/projects/context-6.x-2.0-rc4.tar.gz
Open the tar.gz and edit the context.core.inc file.

Go to line #310 and remove the following:
/**
 * Implementation of hook_nodeapi().
 */
function context_nodeapi(&$node, $op, $teaser, $page) {
  if ($op == 'view' && $page && ($menu_ob = menu_get_object()) && $menu_ob->nid == $node->nid) {
    context_node_condition($node, $op);
  }
}

Now add the following text to the file in the place where you just deleted the lines:

/**
 * Implementation of hook_nodeapi().
 */
function context_nodeapi(&$node, $op, $teaser, $page) {

  $is_current_node = FALSE;
  if (arg(0) == 'node' && is_numeric(arg(1)) && arg(2) == NULL) {
    if (arg(1) == $node->nid) {
      $is_current_node = TRUE;
    }
  }

  if ($is_current_node) {
    context_node_condition($node, $op);
    // Implementation of context_set_by_condition for node.
    context_set_by_condition('node', $node->type);
  }
}

Upgrade the module and it should be ok.

I can't say for certain that it will work on any site, but maybe Irakli can tell you.

  • Ronald

Comments


ithacaindy's picture

Thanks for the information. Drupal alerted me to a security update for Context, and I installed the update. I hope this work-around gets folded into whatever future upgrade.


irakli's picture

Just to clarify: the "vulnerability" in Context is not really critical, it can only be exploited if non-privileged users are, for some reason, given "administer blocks" permission, which somebody should be out of their minds to ever do, in the first place, if you ask me.

Anyway, @resveld, thanks a lot for posting the workaround.

.............................................
http://twitter.com/inadarei
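
To check the condition described in the comment above on a given site, the query below lists which roles hold "administer blocks" and who is covered by each. It is an added example, not part of the original thread or of the Context module; it assumes Drupal 6 core's `role`, `permission` and `users_roles` tables on MySQL with no table prefix, and the sample rows are constructed.

```sql
-- Constructed fixture in the Drupal 6 core layout. Load it in an empty
-- scratch database; on a real site run only the final SELECT.
CREATE TABLE role (rid INT PRIMARY KEY, name VARCHAR(64));
CREATE TABLE permission (pid INT PRIMARY KEY, rid INT, perm LONGTEXT, tid INT);
CREATE TABLE users_roles (uid INT, rid INT, PRIMARY KEY (uid, rid));

-- rid 1 and 2 are the built-in anonymous and authenticated roles.
INSERT INTO role VALUES
  (1, 'anonymous user'), (2, 'authenticated user'),
  (3, 'site admin'), (4, 'editor');

-- Drupal 6 stores each role's permissions as one ', '-separated string.
INSERT INTO permission VALUES
  (1, 1, 'access content', 0),
  (2, 2, 'access comments, access content, post comments', 0),
  (3, 3, 'access content, administer blocks, administer nodes', 0),
  (4, 4, 'access content, administer blocks', 0);

INSERT INTO users_roles VALUES (1, 3), (5, 4), (6, 4);

-- Roles that hold "administer blocks". Wrapping perm in separators makes
-- the LIKE match the whole permission name, not a substring of another one.
-- Membership of rid 1 and 2 is implicit and never stored in users_roles,
-- so those two roles are reported by meaning rather than by count.
SELECT r.rid,
       r.name,
       CASE
         WHEN r.rid = 1 THEN 'every anonymous visitor'
         WHEN r.rid = 2 THEN 'every logged-in user'
         ELSE CONCAT(COUNT(ur.uid), ' assigned user(s)')
       END AS holders
FROM role r
JOIN permission p ON p.rid = r.rid
LEFT JOIN users_roles ur ON ur.rid = r.rid
WHERE CONCAT(', ', p.perm, ', ') LIKE '%, administer blocks, %'
GROUP BY r.rid, r.name
ORDER BY r.rid;
```

Any row for a role that is not meant to be fully trusted is the case the comment describes; removing the permission from that role on the permissions page closes it.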
