[drupal-devel] Contributions: missing access checks
Dries Buytaert
dries at buytaert.net
Sat Jan 22 14:16:11 UTC 2005
Negyesi Karoly wrote:
>>4. I found several violations in core as well. Several queries in core
>>need to be reviewed and updated.
>
>
> Dries, send me the list, and I will do them.
These modules don't use node_rewrite_sql() when joining against the
node-table. They might need to be updated:
./modules/blogapi.module
./modules/book.module
./modules/comment.module
./modules/filter.module
./modules/node.module
./modules/ping.module
./modules/poll.module
./modules/queue.module
./modules/statistics.module
./modules/taxonomy.module
./modules/upload.module
The following modules still use node_access_join_sql() and/or
node_access_where_sql():
./modules/upload.module
--
Dries Buytaert :: http://www.buytaert.net/
More information about the drupal-devel
mailing list