Can an anonymous user see the already seized forms?


Bruno Le Calvez

Friday 06 October 2006 1:41:43 am

Salut (Hi),

I created access to the form with this code (for my anonymous users):

<form method="post" action="/my_site/content/action" name="fullview" style="display:none">
<input type="hidden" name="NodeID" value="88" />
<input type="hidden" name="ClassID" value="20" />
<input type="hidden" name="NewButton"/>
</form>
<a href="#" onclick="goinedition()">link</a>

But after insertion, another anonymous user can access another user's form with this link:

http://mysite/content/edit/1676/1

And my client wants to distribute a link to the form, and he used this link.

I have assigned the "create" and "edit" rights to the anonymous user on the class concerned.
If I withdraw "edit", the user doesn't have access to the form in creation?

Can you help me, please ;)

Thank you for your assistance,
Bruno

Claudia Kosny

Friday 06 October 2006 4:44:07 am

Hi Bruno

Maybe you can limit the edit function to owner 'self or anonymous users per HTTP session'.

Claudia
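
Added example, not part of any post in this thread and not eZ Publish code: a small model of why an owner check alone does not separate anonymous visitors, and what a per-session limitation changes. It assumes all anonymous visitors share one account; `Session`, `ContentObject`, `ANONYMOUS_ID` and the function names are hypothetical, and 1676 is the object ID from the link in the question.

```python
from dataclasses import dataclass, field

# Assumption: every anonymous visitor is mapped to this single shared account.
ANONYMOUS_ID = 10


@dataclass
class Session:
    """One HTTP session; remembers which objects it created."""
    user_id: int
    created_object_ids: set = field(default_factory=set)


@dataclass
class ContentObject:
    object_id: int
    owner_id: int


def create_object(session: Session, object_id: int) -> ContentObject:
    """Create an object owned by the session's account and record it in the session."""
    session.created_object_ids.add(object_id)
    return ContentObject(object_id, session.user_id)


def can_edit_owner_self(session: Session, obj: ContentObject) -> bool:
    """Owner 'self': compares account IDs only, so all anonymous sessions match."""
    return obj.owner_id == session.user_id


def can_edit_self_or_session(session: Session, obj: ContentObject) -> bool:
    """Owner 'self or anonymous users per HTTP session' (modelled)."""
    if obj.owner_id != session.user_id:
        return False
    if session.user_id == ANONYMOUS_ID:
        # Shared account: only the session that created the object may edit it.
        return obj.object_id in session.created_object_ids
    return True


if __name__ == "__main__":
    first, second = Session(ANONYMOUS_ID), Session(ANONYMOUS_ID)
    form = create_object(first, 1676)
    print("owner-only check, other visitor:", can_edit_owner_self(second, form))
    print("per-session check, other visitor:", can_edit_self_or_session(second, form))
    print("per-session check, creator:", can_edit_self_or_session(first, form))
```
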

Xavier Dutoit

Friday 06 October 2006 4:57:54 am

Hi Bruno,

Which version are you using?

Have a look at this bug report, it contains a lot of information and links.

http://ez.no/bugs/view/6680

X+

P.S. You get more answers to questions that haven't already been asked loads of times ;)

http://www.sydesy.com
