Issue status update for http://drupal.org/node/27873 Post a follow up: http://drupal.org/project/comments/add/27873 Project: Drupal Version: cvs Component: node.module Category: bug reports Priority: normal Assigned to: willmoy Reported by: willmoy Updated by: willmoy -Status: patch (code needs work) +Status: patch (code needs review) Attachment: http://drupal.org/files/issues/27873-node.module-cvs_0.patch (977 bytes) This patch updated as the 4.6.2 one was. willmoy Previous comments: ------------------------------------------------------------------------ Sun, 31 Jul 2005 01:01:32 +0000 : willmoy Later cousin of http://drupal.org/node/27864 for 4.6.2 To reproduce: - Take a page which is denied to anonymous users by node_privacy_byrole - Go to it as an anonymous user - Receive 404 error cvs shares the same code for both the view and edit ops, so a slightly larger patch ------------------------------------------------------------------------ Sun, 31 Jul 2005 01:03:25 +0000 : willmoy Attachment: http://drupal.org/files/issues/27873-node.module-cvs.patch (977 bytes) patch attached ------------------------------------------------------------------------ Sun, 31 Jul 2005 10:19:24 +0000 : Dries That code is insecure and may lead to SQL injection attacks.