27 Aug
2009
27 Aug
'09
12:38 a.m.
User: jrglasgow Branch: DRUPAL-6--1 Date: Wed, 26 Aug 2009 22:38:13 +0000 Modified files: /modules/wlw_blogapi wlw_blogapi.module Log message: added additional permissions for the admin settings page: "manage menus and content types for wlw" "manage wlw file upload settings" we realized that with the one setting that anyone with the permission "administer content with blog api" could change the settings, which poses a security risk if they changed the setting to allow themselves to upload a php script and execute. Links: http://cvs.drupal.org/diff.php?path=contributions/modules/wlw_blogapi/wlw_bl...