The profile ID can be changed at run-time (e.g. by issuing a maliciously modified GET request), thus "non granted" facets can be executed by anybody who knows the profile ID!
Logged In: YES user_id=1129612
OK, fixed bug: now looks in request params/attrs only in unauthenticated mode. Gets profileID from session in auth mode.
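
The lookup rule from the fix comment, set beside a model of the reported behaviour, as an added example that is not the project's code. The `Request` class, the `GRANTS` table, the facet names and the sample user are assumptions made for illustration; only the `profileID` name and the session/request split come from the thread.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed grants table: profile IDs and facet names are made up for this example.
GRANTS = {
    "guest": {"view"},
    "editor": {"view", "edit"},
    "admin": {"view", "edit", "delete"},
}

@dataclass
class Request:
    params: dict = field(default_factory=dict)  # client-controlled query/form values
    attrs: dict = field(default_factory=dict)   # request attributes
    session: Optional[dict] = None              # None means unauthenticated mode

def profile_id_before_fix(req: Request) -> Optional[str]:
    """Model of the reported behaviour: a profile ID in the request overrides the session."""
    return (req.params.get("profileID")
            or req.attrs.get("profileID")
            or (req.session or {}).get("profileID"))

def profile_id_after_fix(req: Request) -> Optional[str]:
    """Fixed behaviour: session only in auth mode, request only when unauthenticated."""
    if req.session is not None:
        return req.session.get("profileID")  # request params/attrs are ignored
    return req.params.get("profileID") or req.attrs.get("profileID")

def may_execute(resolver, req: Request, facet: str) -> bool:
    """A facet runs only if the resolved profile has been granted it."""
    return facet in GRANTS.get(resolver(req), set())

def tampered_request() -> Request:
    # Constructed sample: session belongs to an "editor", the GET parameter says "admin".
    return Request(params={"profileID": "admin"},
                   session={"user": "alice", "profileID": "editor"})

if __name__ == "__main__":
    req = tampered_request()
    for name, resolver in (("before", profile_id_before_fix), ("after", profile_id_after_fix)):
        print(name, "fix: profile =", resolver(req),
              "| delete allowed =", may_execute(resolver, req, "delete"))
```

In unauthenticated mode the request still selects the profile, so any profile reachable that way should carry only facets intended for anonymous use.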