Link to Forum bypasses security?

If you have questions about using mojoPortal, you can post them here.

You may want to first review our site administration documentation to see if your question is answered there.

This thread is closed to new posts. You must sign in to post in the forums.

6/19/2008 6:52:56 PM

msc

Total Posts 3

View Posts

Link to Forum bypasses security?

I have a forum that has a forum page I want to restrict to a specific role. I unchecked the All Users role on the "roles that can view this page" tab and checked the role I had created. This all seems to work correctly except when the system sends an email and you click the link. It seems to allow a non logged in user to access the page by clicking the link in the email. The "sign in" tab is visable, the forum tab is not visable but the user can brouse the forum when they click the direct link to it, even though they are not logged in. Is that normal or do I have something set up wrong in the system.

6/20/2008 5:43:42 AM

Joe Audette

Total Posts 18439

View Posts

Re: Link to Forum bypasses security?

Hi,

Thanks for letting me know. There was a missing security check for page view permission in the forum. I have fixed this on my local machine and will have the fix in svn trunk by tonight for developers and in the next release for everyine else.

Best,

Joe

You must sign in to post in the forums. This thread is closed to new posts.