Privacy Bug With Frontforum
Bugs » #7
This section on the Community is no longer supported, in favour of Wikidot's Official Feedback Site.
It is retained here for archiving purposes.
Bugs
Tags
attached-files
backlinks
block
bug
button
categories
code
comments
css
custom
deleting
disabled
div
edit-sections
embed
false
file
files
filesize
float
format
formating
forum
frontforum
gallery
hidden
html
iframe
include
listpages
live-template
lock
manager
page-variables
pictures
postgresql
posting
privacy
recognizing
rename
save
security-error
slow
social
tag
template
timeout
upload
url
Posted by gerdami on 02 May 2008 18:04, last edited on 04 Mar 2009 14:03
This bug has been fixed |
Description
If you can read what follows (i.e. between the 2 lines), there is a privacy bug with module FrontForum which displays threads from my private wiki.
The requested category belongs to a private site.
How to Reproduce
[[module FrontForum category="1835" limit="3"]]
%%title%%
[[size smaller]]%%date|%O ago (%e %b %Y, %H:%M %Z)%%[[/size]]
[[/module]]
Browsers
Not browser dependent.
Has bug
Works correctly
Workarounds
Contact
Rate this Bug
Rate the urgency of this bug. If you think it is more urgent and important than it's current rating suggests, rate it up.
Fixed!
Michał Frąckowiak @ Wikidot Inc.
Visit my blog at michalf.me
Michal, Helmut reported some time ago that the same security issue exists for images from private sites.
See Helmut's post, 2 Jul 2007, 14:39
picture bug is now on bug list.