#796 Wiki : "Search entire site" reveals restricted pag

v1.7.3
closed-duplicate
nobody
7
2003-10-27
2003-09-14
No

I have Tiki 1.7.1.1 installed. I enabled Search site for
anonymous visitors. Since my site's a personal one,
there's some content there that I don't want casual
visitors to see.

By using the Search site function, however, the casual
visitor can see some content in wiki pages that are
restricted for viewing by only the Admin user.

This is an obvious security flaw because business and
program logic dictates that if a page has a permission
setting of view only by Admin, the Anonymous and
Registered users should not be able to see it.

Please make this a priority fix.

Thanks very much!

Discussion

  • Philippe Cloutier

    • priority: 5 --> 7
    • summary: Search entire site reveals restricted wiki pages --> Wiki : "Search entire site" reveals restricted pages
     
  • Philippe Cloutier

    Logged In: YES
    user_id=738765

    Thx for this report.
    I reported it on WikiDev.

     
  • Dennis Daniels

    Dennis Daniels - 2003-10-12
    • summary: Wiki : "Search entire site" reveals restricted pages --> Wiki : "Search entire site" reveals restricted pages
     
  • Philippe Cloutier

    • status: open --> open-accepted
     
  • Philippe Cloutier

    Logged In: YES
    user_id=738765

    Updated to 1.7.2.
    Reported to SearchDev and PermissionDev too.

     
  • Philippe Cloutier

    • milestone: 324176 --> 337038
    • summary: Wiki : "Search entire site" reveals restricted pages --> Wiki : "Search entire site" reveals restricted pag
     
  • Philippe Cloutier

    • milestone: 337038 --> v1.7.3
    • status: open-accepted --> closed-duplicate
     
  • D.H. Mattison

    D.H. Mattison - 2003-10-25

    Logged In: YES
    user_id=829912

    Updating this item for category / group / subject line or other
    data. No real change to the item, just house-keeping.

     
  • D.H. Mattison

    D.H. Mattison - 2003-10-25

    Logged In: YES
    user_id=829912

    I've now gone through both versions 1.7.2 and 1.7.3 and am
    still experiencing this problem. Thanks very much for your
    continuing work on resolving it.

     
  • D.H. Mattison

    D.H. Mattison - 2003-10-25
    • status: closed-duplicate --> open-duplicate
     
  • Philippe Cloutier

    • status: open-duplicate --> closed-duplicate
     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks