In-Portal Issue Tracker

Welcome to the In-Portal Open Source CMS Issue Tracker! This is a central management / tracking tool for all types of tasks / issues / bugs for the In-Portal Project. Before reporting any issues, please make sure to read the Guide into Issue Tracker and How to Properly Test and Report Bugs!


Viewing Issue Simple Details
ID: 0001312
Category: [In-Portal CMS] Front End
Type: bug report
Reproducibility: always
Date Submitted: 2012-06-11 06:51
Last Update: 2012-07-25 05:29
Reporter: alex
View Status: public
Assigned To: alex
Priority: normal
Resolution: fixed
Status: closed
Summary: 0001312: CATEGORY.VIEW permission is not checked in templates
Description: We don't check the CATEGORY.VIEW permission on category listing pages or the item .VIEW permissions (e.g. LINK.VIEW, PRODUCT.VIEW) on the corresponding item detail pages.

This results in the ability to open a category/item detail page even if you don't have the corresponding view permission, but only have a direct link to that page.

Of course, links to inaccessible pages are not built anywhere, but a page might have been public before (e.g. at the time Google indexed it) but is inaccessible now.

Also, I think that we should throw a "403 Forbidden" HTTP code on the "No Permission" page, where the user is redirected after accessing a page which he can't access.
Additional Information
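
The check described in this report, as an added example that is not part of the original issue and is not In-Portal's own code: the view permission is evaluated when the page is rendered (so a direct or previously indexed link is covered), and a denial is answered with 403. All function names, the `cat`/`item` query parameters and the sample data are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; every name here is hypothetical, not In-Portal's API.

// Constructed sample data: permissions granted per group and category id.
const GRANTS = [
    'guest'  => [10 => ['CATEGORY.VIEW', 'LINK.VIEW']],
    'member' => [10 => ['CATEGORY.VIEW', 'LINK.VIEW'],
                 20 => ['CATEGORY.VIEW', 'PRODUCT.VIEW']],
];

// Constructed sample items: item id => [type prefix, owning category id].
const ITEMS = [
    501 => ['LINK', 10],
    702 => ['PRODUCT', 20],
];

// Deny by default: unknown groups or categories have no permissions.
function hasPermission(string $group, int $categoryId, string $perm): bool
{
    return in_array($perm, GRANTS[$group][$categoryId] ?? [], true);
}

// HTTP status for a category listing page request.
function categoryPageStatus(string $group, int $categoryId): int
{
    return hasPermission($group, $categoryId, 'CATEGORY.VIEW') ? 200 : 403;
}

// HTTP status for an item detail page request (LINK.VIEW, PRODUCT.VIEW, ...).
function itemPageStatus(string $group, int $itemId): int
{
    if (!array_key_exists($itemId, ITEMS)) {
        return 404;
    }
    [$prefix, $categoryId] = ITEMS[$itemId];
    return hasPermission($group, $categoryId, $prefix . '.VIEW') ? 200 : 403;
}

// Runs on every request, so it also covers URLs that no template links to.
function render(string $group, array $query): string
{
    $status = isset($query['item'])
        ? itemPageStatus($group, (int) $query['item'])
        : categoryPageStatus($group, (int) ($query['cat'] ?? 0));
    http_response_code($status); // 403 on the "No Permission" response
    return $status === 200 ? 'page body' : "No Permission ($status)";
}

echo render('guest', ['item' => 702]), PHP_EOL; // guest lacks PRODUCT.VIEW in category 20
```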



Web Development by Intechnic
In-Portal Open Source CMS
Copyright © 2000 - 2009 MantisBT Group

Powered by Mantis Bugtracker