Users can delete submitted page through URL
Bug #1425306 reported by
Yuliya Bozhko
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
Medium
|
Yuliya Bozhko | ||
1.10 |
Fix Released
|
Medium
|
Robert Lyon | ||
1.8 |
Fix Released
|
Medium
|
Robert Lyon | ||
1.9 |
Fix Released
|
Medium
|
Robert Lyon |
Bug Description
To reproduce:
- Create a page
- Submit it to a group
- Check that there is no 'Delete' button on 'Pages' web-page for this page
- Find out page ID (through page view URL)
- Go to YOURSITE/
- See that you can easily delete a page
CVE References
Changed in mahara: | |
status: | Confirmed → Fix Committed |
milestone: | none → 15.04.0 |
importance: | Undecided → Medium |
information type: | Public → Public Security |
Changed in mahara: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Patch for "master" branch: https:/ /reviews. mahara. org/4320