[drupal-devel] [bug] The anonymous user account can be edited
Robin Monks
drupal-devel at drupal.org
Tue Jun 28 11:31:54 UTC 2005
Issue status update for http://drupal.org/node/25605
Project: Drupal
Version: 4.6.1
Component: user system
Category: bug reports
Priority: critical
Assigned to: Robin Monks
Reported by: nysus
Updated by: Robin Monks
Status: patch
Anyways, my patch still applies (chx had concerns earlier, but the patch
was made correctly and seems to be OK). And it's been tested to work.
I also like the fact that mine covers the entire user, and not just the
edit portion.
Robin
Robin Monks
Previous comments:
------------------------------------------------------------------------
June 23, 2005 - 13:06 : nysus
Any user, anonymous or otherwise, can go to /user/0/edit and edit the
account of the anonymous user.
------------------------------------------------------------------------
June 24, 2005 - 11:20 : Robin Monks
I'll take care of this one :-)
CONFIRMED on WinXP/Xitami CVS
Robin
------------------------------------------------------------------------
June 24, 2005 - 11:41 : Robin Monks
Attachment: http://drupal.org/files/issues/annon.user.edit.fix (1.92 KB)
Here is the patch. It removes the /edit and /delete operation from user
0.
Tested to work on CVS HEAD.
Robin
------------------------------------------------------------------------
June 24, 2005 - 16:32 : killes at www.drop.org
Attachment: http://drupal.org/files/issues/user-edit-fix.patch (999 bytes)
The patch didn't apply on head. I also like my solution better. ;)
------------------------------------------------------------------------
June 27, 2005 - 19:17 : Dries
killes: your patch looks broken. Shouldn't $user->uid be arg(1)?
------------------------------------------------------------------------
June 27, 2005 - 19:31 : killes at www.drop.org
One of us is confused, but who?
I don't think that $user->uid has to be == arg(1). it is a global var.
More information about the drupal-devel
mailing list