LabTrove / Bugs / #146 some pages in a private notebook are public

#146 some pages in a private notebook are public

Milestone: v2.4

Status: closed-fixed

Owner: David R Newman

Labels: templates (1) security (1)

Priority: 5

Updated: 2014-07-26

Created: 2014-06-27

Creator: rscdaya

Private: No

These pages are visible to anyone without logging in:
http://chemtrove.rsc-us.org/template.php?bit_id=286
http://rscchemtrove.liberata.com/template.php?bit_id=354
despite the first example being in a labtrove instance which has been locked down (not public) and the second being in a notebook that should only be visible to its notebook users.
This is particularly important since they correspond to "edit" pages so that someone could spend a lot of time filling in those template fields and then lose it all when they click to save or publish it.
It might be a good idea to review other urls in case the bug affects them too if possible (in case it's more widespread than this one example)...

Discussion

David R Newman - 2014-07-26

Fixed in revision 829.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

David R Newman - 2014-07-26

labels: --> templates, security

status: open --> closed-fixed

assigned_to: David R Newman

Group: For Review --> v2.4
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

some pages in a private notebook are public

Group

Searches

Help

#146 some pages in a private notebook are public

Discussion