Bug: Formatted search ignores access permission when used with "order" option
Formatted search return the content of an access restricted page when used with the "order" option (this is not the case when used without the "order" option). Users with no access permission for a resctricted page can view its content that way.Test case
- Have unrestricted Web
- Create new page with some content and * Set ALLOWTOPICVIEW = Main.YourName
- Check WebIndex page with guest => no content is listed for new page
- Check WebChanges page with guest => content is listed for new page (Error!)
Environment
| TWiki version: | TWikiRelease04Sep2004 |
| TWiki plugins: | DefaultPlugin, EmptyPlugin, InterwikiPlugin |
| Server OS: | SuSE Linux 9.2 |
| Web server: | Apache 2.50 |
| Perl version: | 5.8.5 |
| Client OS: | Mandriva Linux Cooker |
| Web Browser: | Firefox 1.0.6 |
Impact and Available Solutions
Follow up
Added hot fix which works for me: formattedsearchhotfix.patch -- HolmRauchfuss - 03 Oct 2005Fix record
Discussion
| ChangeProposalForm | |
|---|---|
| TopicClassification | BugReport |
| TopicSummary | Formatted search ignores access permission when used with "order" option |
| CurrentState | UnderInvestigation |
| OutstandingIssues | |
| RelatedTopics | |
| InterestedParties | |
| ProposedFor | |
| TWikiContributors | |
| I | Attachment | Action | Size | Date | Who | Comment |
|---|---|---|---|---|---|---|
 patch |
formattedsearchhotfix.patch | manage | 0.9 K | 2005-10-03 - 23:39 | HolmRauchfuss | Patch to prevent display of content from access restricted page by formatted search with "order" option |
Edit | Attach | Print version | History: r1 | Backlinks | Raw View | Raw edit | More topic actionsTopic revision: r1 - 2005-10-03 - HolmRauchfuss
Home 
Site map
Blog web
Create New Topic
Index
Search
Advanced search
My topics of interest
Changes
Major changes only
All tags
Notifications
RSS Feed
Statistics
Preferences
Community 
Readme first
Developers News
How you can help
Community roles
#twiki IRC
Jerusalem Release
Feature Proposals
Bugs Changes
Categories 
Account 
Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.Copyright © 1999-2012 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.