cover-webcie / cover-php / issues / #60 - Hidden Forum topics are public if you know the URL — Bitbucket

Issue #60 resolved

Martijn Luinstra created an issue 2016-01-07

Hidden Forum topics are public if you know the URL. This should not be the case, preferably.

To reproduce, open https://www.svcover.nl/forum.php?thread=677&page=59 in a private window.

Comments (3)

Jelmer van der Linde
- changed status to open
Hahaha, and I just learned that there is indeed no ACL or whatever for that forum, it is just hard coded in the view that that forum (lucky number 7) should not be displayed to anyone not logged in.
- 2016-01-13T13:09:57+00:00
Jelmer van der Linde
Also, probeer niet admin=1 in de url te zetten, grote kans dat je toegang krijgt tot de meest vreemde dingen.
- 2016-01-13T13:16:50+00:00
Jelmer van der Linde
- changed status to resolved
Fixed in the feature/twig branch. Will close this issue once that branch is merged into master.
- 2016-11-13T22:43:12+00:00
Log in to comment

Assignee: –

Type: bug

Priority: major

Status: resolved

Version: –

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!