security upadtes

sites/all/modules/references/references.module

@@ -13,8 +13,8 @@
  */
 function reference_autocomplete_access($entity_type, $bundle, $field_name, $entity = NULL, $account = NULL) {
   return user_access('access content', $account)
-      && ($field = field_info_field($field_name))
       && field_info_instance($entity_type, $field_name, $bundle)
+      && ($field = field_info_field($field_name))
       && field_access('view', $field, $entity_type, $entity, $account)
       && field_access('edit', $field, $entity_type, $entity, $account);
 }