Maintainer Newsletter

We encourage users to post events happening in the community to the community events group on https://www.drupal.org.
For the newly added newsletter for CVS account holders: http://drupal.org/maintainer-news

October 2008 Maintainer News Draft

Posted by pwolanin on April 16, 2008 at 10:26pm
Last updated by pwolanin on Wed, 2008-10-15 15:03

Security team update

We recently released SA-2008-063 for multiple contributed modules. This was due to incorrect implementation of hook_menu in Drupal 6.

Incorrect:

'access callback' => user_access('administer nodes'),

This evaluates to TRUE and leaves the page wide open to any user who might come across it.

Correct:

'access callback' => 'user_access',
'access arguments' => array('administer nodes'),

or even more simply:

Read more
Categories:
Subscribe with RSS Syndicate content

Drupal Newsletter

Group organizers

Group categories

Drupal Newsletter

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: