- changed status to open
Hidden Forum topics are public if you know the URL
Issue #60
resolved
Hidden Forum topics are public if you know the URL. This should not be the case, preferably.
To reproduce, open https://www.svcover.nl/forum.php?thread=677&page=59 in a private window.
Comments (3)
-
-
Also, probeer niet admin=1 in de url te zetten, grote kans dat je toegang krijgt tot de meest vreemde dingen.
-
- changed status to resolved
Fixed in the feature/twig branch. Will close this issue once that branch is merged into master.
- Log in to comment
Hahaha, and I just learned that there is indeed no ACL or whatever for that forum, it is just hard coded in the view that that forum (lucky number 7) should not be displayed to anyone not logged in.