non-member can add blog entry
Bug #344394 reported by
Nat Katin-Borland
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
KARL3 |
Fix Released
|
Medium
|
Tres Seaver |
Bug Description
A non-member can add/edit/delete a blog entry in a community that they are not a member of. Signed in as Staff1 and visited Testing Place community, which Staff1 is not a member of. Staff1 was still able to add/edit/delete blog entries.
Changed in karl3: | |
assignee: | nobody → paul-agendaless |
importance: | Undecided → Medium |
milestone: | none → m4 |
Changed in karl3: | |
milestone: | m4 → m7 |
Changed in karl3: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Right. In general, we're not testing things regarding security at the
moment (per the agreement), but it's ok to file things you might find.
--Paul
On Mar 17, 2009, at 1:15 PM, Nat Katin-Borland wrote:
> Public bug reported: /bugs.launchpad .net/bugs/ 344394
>
> A non-member can add/edit/delete a blog entry in a community that they
> are not a member of. Signed in as Staff1 and visited Testing Place
> community, which Staff1 is not a member of. Staff1 was still able to
> add/edit/delete blog entries.
>
> ** Affects: karl3
> Importance: Medium
> Assignee: Paul Everitt (paul-agendaless)
> Status: New
>
>
> ** Tags: show-blog
>
> ** Changed in: karl3
> Importance: Undecided => Medium
> Assignee: (unassigned) => Paul Everitt (paul-agendaless)
> Target: None => m4
>
> ** Tags added: show-blog
>
> --
> non-member can add blog entry
> https:/
> You received this bug notification because you are a bug assignee.
>
> Status in Porting KARL to a new architecture: New
>
> Bug description:
> A non-member can add/edit/delete a blog entry in a community that
> they are not a member of. Signed in as Staff1 and visited Testing
> Place community, which Staff1 is not a member of. Staff1 was still
> able to add/edit/delete blog entries.