In-Portal Issue Tracker

Welcome to the In-Portal Open Source CMS Issue Tracker! This is a central management / tracking tool for all types of tasks / issues / bugs for the In-Portal Project. Before reporting any issues, please make sure to read the Guide into Issue Tracker and How to Properly Test and Report Bugs!

Viewing Issue Simple Details
ID: 0001312
Category: [In-Portal CMS] Front End
Type: bug report
Reproducibility: always
Date Submitted: 2012-06-11 06:51
Last Update: 2012-07-25 05:29
Reporter: alex
View Status: public
Project Name: Advanced
Assigned To: alex
Developer:
Priority: normal
Resolution: fixed
Fixed in Version: 1.2.0-RC1
Status: closed
Product Version: 5.1.3
Target Version: 5.2.0
Time Estimate: No estimate
Summary: 0001312: CATEGORY.VIEW permission is not checked in templates
Description: We don't check the CATEGORY.VIEW permission on category listing pages and the item .VIEW (e.g. LINK.VIEW, PRODUCT.VIEW) permissions on the corresponding item detail pages.

This results in the ability to open a category/item detail page even if you don't have the corresponding view permission, but only have a direct link to that page.

Of course, links to inaccessible pages are not built anywhere, but a page might have been public before (e.g. at the time Google indexed it) but is inaccessible now.

Also, I think that we should throw a "403 Forbidden" HTTP code on the "No Permission" page, where the user is redirected after accessing a page which he can't access.
Additional Information:
Tags: No tags attached.
Reference: https://groups.google.com/d/topic/in-portal-bugs/GB2NLFHiH6k/discussion
Change Log Message: Fixes an issue where a user is still able to access pages that became protected (via category permissions)
Estimate Points: 1
Attached Files: view_permission_check_inside_categories.patch (3,894 bytes) 2012-06-11 10:31
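
The gap this report describes, as an added example that is not In-Portal code and not part of the issue: a small Python model contrasting link hiding with a view-permission check on every request that answers 403. The `Page` type, the `(category_id, permission)` grant set, the function names and the sample URLs are assumptions made for illustration.

```python
from dataclasses import dataclass

# Permission each page type requires, following the naming used in the report.
REQUIRED = {"category": "CATEGORY.VIEW", "link": "LINK.VIEW", "product": "PRODUCT.VIEW"}

@dataclass(frozen=True)
class Page:
    url: str
    kind: str          # key into REQUIRED
    category_id: int   # category whose permissions govern this page (assumed model)

def can_view(grants, page):
    """grants: set of (category_id, permission) pairs held by the user."""
    return (page.category_id, REQUIRED[page.kind]) in grants

def build_links(grants, pages):
    # Navigation only lists what the user may see. This hides pages,
    # it does not protect them.
    return [p.url for p in pages if can_view(grants, p)]

def serve_unchecked(grants, pages, url):
    # Behaviour described in the report: the page renders for anyone
    # who holds the direct URL, whatever their grants are.
    page = next((p for p in pages if p.url == url), None)
    return (404, "Not Found") if page is None else (200, f"render {page.kind}")

def serve_checked(grants, pages, url):
    # Hardened: the permission is checked on every request and a denial is
    # answered with 403, so crawlers stop treating the page as available.
    page = next((p for p in pages if p.url == url), None)
    if page is None:
        return (404, "Not Found")
    if not can_view(grants, page):
        return (403, "No Permission")
    return (200, f"render {page.kind}")

def audit(serve, grants, pages):
    """Regression check: URLs that answer 200 without the view permission."""
    return [p.url for p in pages
            if not can_view(grants, p) and serve(grants, pages, p.url)[0] == 200]

# Constructed sample data: category 7 was public when indexed, now restricted.
PAGES = [
    Page("/news/", "category", 3),
    Page("/partners/", "category", 7),
    Page("/partners/link-42.html", "link", 7),
]
GUEST = {(3, "CATEGORY.VIEW"), (3, "LINK.VIEW")}
```

Running `audit` against every known URL with a guest's grants gives a regression test for this class of bug: the list must be empty for the handler in use.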

- Notes

(0004715) alex (manager) 2012-06-11 10:32

Will test all together later.

(0004716) alex (manager) 2012-06-11 10:33

Fix committed to 1.2.x branch. Commit Message:

Fixes 0001312: CATEGORY.VIEW permission is not checked in templates

(0004867) alex (manager) 2012-07-25 05:29

Since 5.2.0 version was released.

- Related Changesets
Themes :: Advanced: 1.2.x r15388
Timestamp: 2012-06-11 10:33:14
Author: alex
Fixes 0001312: CATEGORY.VIEW permission is not checked in templates
mod - /themes/advanced/branches/1.2.x/in-bulletin/designs/section.tpl
mod - /themes/advanced/branches/1.2.x/in-bulletin/topics/topic_detail.tpl
mod - /themes/advanced/branches/1.2.x/in-commerce/designs/section.tpl
mod - /themes/advanced/branches/1.2.x/in-commerce/products/product_detail.tpl
mod - /themes/advanced/branches/1.2.x/in-link/designs/section.tpl
mod - /themes/advanced/branches/1.2.x/in-link/links/link_paid.tpl
mod - /themes/advanced/branches/1.2.x/in-link/links/link_standard.tpl
mod - /themes/advanced/branches/1.2.x/in-news/articles/article_detail.tpl
mod - /themes/advanced/branches/1.2.x/in-news/designs/section.tpl

- Issue History
Date Modified Username Field Change
2012-07-25 05:29 alex Note Added: 0004867
2012-07-25 05:29 alex Status resolved => closed
2012-06-11 10:33 alex Note Added: 0004716
2012-06-11 10:33 alex Status reviewed and tested => resolved
2012-06-11 10:33 alex Fixed in Version => 1.2.0-RC1
2012-06-11 10:33 alex Resolution open => fixed
2012-06-11 10:33 alex Assigned To !COMMUNITY => alex
2012-06-11 10:33 alex Changeset attached 1.2.x r15388
2012-06-11 10:32 alex Note Added: 0004715
2012-06-11 10:32 alex Status needs testing => reviewed and tested
2012-06-11 10:32 alex Assigned To => !COMMUNITY
2012-06-11 10:32 alex Developer => alex
2012-06-11 10:32 alex Status active => needs testing
2012-06-11 10:31 alex File Added: view_permission_check_inside_categories.patch
2012-06-11 06:52 alex Project In-Portal CMS => Advanced
2012-06-11 06:51 alex New Issue
2012-06-11 06:51 alex Reference => https://groups.google.com/d/topic/in-portal-bugs/GB2NLFHiH6k/discussion
2012-06-11 06:51 alex Change Log Message => Fixes issue, when user still able to access pages, that became protected (via category permissions)
2012-06-11 06:51 alex Estimate Points => 1


