Session-less contexts allows viewing of unpublished resources · Issue #7652 · modxcms/revolution · GitHub

Session-less contexts allows viewing of unpublished resources #7652


Closed
MokoJumbie opened this issue Apr 25, 2012 · 1 comment
Labels
area-core bug The issue in the code or project, which should be addressed.

Comments

@MokoJumbie

MokoJumbie created Redmine issue ID 7652

Enabling the Session-less contexts feature blogged about by Jason Coward on the MODX blog (http://develop.modx.com/blog/2012/04/05/new-for-2.2.1-session-less-contexts/) is causing unpublished resources to be viewable by anonymous web users.

Workaround: Disabling session-less contexts restores the expected behaviour of refusing access of unpublished resources to anonymous users.

@opengeek
Member

opengeek submitted:

Thanks for catching this one; fixed for 2.2.2-pl

enigmatic-user pushed a commit to enigmatic-user/revolution that referenced this issue Feb 13, 2014
Merge branch 'release-2.2'

* release-2.2: (50 commits)
  Update release date in changelog
  Fix new CLI installs broken by upgrade fix
  Preserve GET parameters for container_suffix redirects
  Allow custom FURLs via URL rewriting again
  [modxcms#7427] Fix request_method_strict with FURLs off
  Bump version for 2.2.2-pl release
  Add ability to extend manager session by relogging in without leaving manager screen; Add better handling for AJAX exceptions, displaying AJAX errors
  [modxcms#7649] Prevent E_NOTICE when using ago filter within <1sec difference
  [modxcms#7568] Add JSON to default content types
  [modxcms#7549] Open new window for phpinfo in system info page
  Flip page title on manager pages for easier readability in browser tabs; closes modxcms#300
  [modxcms#7543] Add extra sanity checks for ellipsis output filter
  Fix modAction overloading issue
  Actually fix CLI upgrades not loading config data
  Fix bug with creating a new category in the root causing a js error and not properly closing the window and refreshing the tree.
  Add config_ttf_directory setting for ttf font folder to make water-text-marks work
  CLI upgrades not loading MODX config data
  [modxcms#7652] Sessionless contexts allowing anonymous access to unpublished resources
  [modxcms#7646] Increase size of modSession.id field
  Fix notice error in tv/create processor
  ...
This issue was closed.