Bug: Formatted search ignores access permission when used with "order" option

Formatted search returns the content of an access-restricted page when used with the "order" option (this is not the case when used without the "order" option).

Users with no access permission for a restricted page can view its content that way.

Test case

  1. Have unrestricted Web
  2. Create new page with some content and * Set ALLOWTOPICVIEW = Main.YourName
  3. Check WebIndex page with guest => no content is listed for new page
  4. Check WebChanges page with guest => content is listed for new page (Error!)

Environment

TWiki version: TWikiRelease04Sep2004
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: SuSE Linux 9.2
Web server: Apache 2.50
Perl version: 5.8.5
Client OS: Mandriva Linux Cooker
Web Browser: Firefox 1.0.6

-- HolmRauchfuss - 03 Oct 2005
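
The expected behaviour from the test case above, as an added example that is not part of the original report and is not TWiki code: a simplified Python model in which the view check runs before any ordering or formatting, plus a regression check that the guest sees no restricted topic in any ordering. The topic names, the `formatted_search` and `leaks` helpers and the sample data are constructed for illustration, and only a topic-level ALLOWTOPICVIEW list of user names is modelled.

```python
import re

# Constructed sample topics (illustrative only, not from the report).
TOPICS = {
    "PublicNotes": {"date": 3, "text": "Lunch menu for the week."},
    "SecretPlan": {"date": 5,
                   "text": "Budget figures.\n   * Set ALLOWTOPICVIEW = Main.YourName\n"},
    "OldNews": {"date": 1, "text": "Release announcement."},
}

# A TWiki-style setting line: three spaces (or a tab), "*", "Set NAME = value".
SETTING = re.compile(
    r"^(?:\t|   )+\*[ \t]+Set[ \t]+ALLOWTOPICVIEW[ \t]*=[ \t]*(.*)$", re.M)

def allowed_viewers(text):
    """Names listed in ALLOWTOPICVIEW, or None when the topic is unrestricted."""
    m = SETTING.search(text)
    if not m or not m.group(1).strip():
        return None
    return {n.strip().split(".")[-1] for n in m.group(1).split(",") if n.strip()}

def may_view(user, text):
    viewers = allowed_viewers(text)
    return viewers is None or user in viewers

def formatted_search(user, order=None, reverse=False):
    """Filter by view permission first, then order, then format each hit."""
    hits = [(name, t) for name, t in TOPICS.items() if may_view(user, t["text"])]
    if order == "modified":
        hits.sort(key=lambda h: h[1]["date"], reverse=reverse)
    elif order == "topic":
        hits.sort(key=lambda h: h[0], reverse=reverse)
    return [f"{name}: {t['text'].splitlines()[0]}" for name, t in hits]

def leaks(user):
    """Regression check: (order, topic) pairs shown to a user who may not view them."""
    found = []
    for order in (None, "topic", "modified"):
        shown = {hit.split(":")[0] for hit in formatted_search(user, order)}
        found += [(order, name) for name, t in TOPICS.items()
                  if name in shown and not may_view(user, t["text"])]
    return found

if __name__ == "__main__":
    print(formatted_search("TWikiGuest", order="modified", reverse=True))
    print(leaks("TWikiGuest"))
```

Run against an implementation with the reported behaviour, `leaks` would return the restricted topic for the ordered modes only, which is the difference between steps 3 and 4 of the test case.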

Impact and Available Solutions

Follow up

Added hot fix which works for me:

formattedsearchhotfix.patch

-- HolmRauchfuss - 03 Oct 2005

Fix record

Discussion

Topic attachments
Attachment | History | Size | Date | Who | Comment
formattedsearchhotfix.patch | r1 | 0.9 K | 2005-10-03 - 23:39 | HolmRauchfuss | Patch to prevent display of content from access restricted page by formatted search with "order" option
Topic revision: r1 - 2005-10-03 - HolmRauchfuss