Restricted Content Available to Unauthorized User
Bug #370019 reported by
Anthony
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
KARL3 |
Fix Released
|
Low
|
Chris Rossi |
Bug Description
First, as 'user 1' who has access to a restricted community, I visit the restricted pages and copy the URL of that page.
Next, logoff and login as 'user 2' who does not have access to the restricted community. Visit the community page and verify that you are not able to see this restricted community. All okay.
Next, paste the copied URL from step 1 listed above in the browser and the restricted content is displayed to 'user 2' eventhough he is not a member of this restricted community.
I verified that this does not occur in KARL 2.
Changed in karl3: | |
assignee: | nobody → Paul Everitt (paul-agendaless) |
milestone: | none → m12 |
Changed in karl3: | |
importance: | Undecided → Medium |
Changed in karl3: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Hmm, I wasn't able to recreate this with a wiki page. *Perhaps* this
is related to the thing where you clicked on "logout" via the
Forbidden screen, but it didn't actually log you out?
If possible, could we have a phone call tomorrow (Friday) morning and
go through this? I'd like to jump on this fast.
--Paul
On Apr 30, 2009, at 3:16 PM, Anthony wrote:
> Public bug reported: /bugs.launchpad .net/bugs/ 370019
>
> First, as 'user 1' who has access to a restricted community, I visit
> the
> restricted pages and copy the URL of that page.
>
> Next, logoff and login as 'user 2' who does not have access to the
> restricted community. Visit the community page and verify that you
> are
> not able to see this restricted community. All okay.
>
> Next, paste the copied URL from step 1 listed above in the browser and
> the restricted content is displayed to 'user 2' eventhough he is not a
> member of this restricted community.
>
> I verified that this does not occur in KARL 2.
>
> ** Affects: karl3
> Importance: Undecided
> Assignee: Paul Everitt (paul-agendaless)
> Status: New
>
> ** Changed in: karl3
> Milestone: None => m12
>
> ** Changed in: karl3
> Assignee: (unassigned) => Paul Everitt (paul-agendaless)
>
> --
> Restricted Content Available to Unauthorized User
> https:/
> You received this bug notification because you are a bug assignee.
>
> Status in Porting KARL to a new architecture: New
>
> Bug description:
> First, as 'user 1' who has access to a restricted community, I visit
> the restricted pages and copy the URL of that page.
>
> Next, logoff and login as 'user 2' who does not have access to the
> restricted community. Visit the community page and verify that you
> are not able to see this restricted community. All okay.
>
> Next, paste the copied URL from step 1 listed above in the browser
> and the restricted content is displayed to 'user 2' eventhough he is
> not a member of this restricted community.
>
> I verified that this does not occur in KARL 2.