|Created:||August 9, 2011||Updated:||August 10, 2011|
|Description:||From the Drupal advisory:
Drupal 7 contains two new features: the ability to attach File upload fields to any entity type in the system and the ability to point individual File upload fields to the private file directory.
If a Drupal site is using these features on comments, and the parent node is denied access (either by a node access module or by being unpublished), the file attached to the comment can still be downloaded by non-privileged users if they know or guess its direct URL.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds