Uploaded image for project: 'Magnolia'
  1. Magnolia
  2. MAGNOLIA-1645

Renaming the secured page (in anonymours role's URL acl) does not update URL acl definition

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • None
    • None
    • None
    • None
    • 3.1-SNAPSHOT
      JBoss 4.0.5

    Description

      Scenation:

      1. create a page called pageA and publish on public instance
      2. on public instance enter URL acl for anonymous role protecting access to the pageA
      3. try to access pageA - you will get login prompt
      4. on author, rename pageA to pageB and republish
      5. try to access pageB and it is unsecured.

      pageB is unsecured because anonymous role URL acl didn't "update" page name. It stayed pageA. (i think its because it is not ussing UUID internally but just a string)

      Potential side effects can be very serious for public sites.

      Workaround:

      • don't rename pages once secured
      • after renaming pages updated anonymous role URL acl

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            Activity

              People

                kraft Boris Kraft
                zambak zam6ak
                Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Checklists

                    Bug DoR
                    Task DoD