Jaanus
Super Moderator
Hi,
I don't know if this is a Joomla or Fabrik security bug or something is wrong in my webhost, but
I can submit and edit data anyway despite the restrictive settings in backend!
That means:
1) I am not logged in and I don't see the add and edit icons in list. That's ok because I set such access rights to Registered.
2) I open the details view. URL in address bar shows http://xx.mysite.xx/menualias/details/1/1
3) I change the url against http://xx.mysite.xx/menualias/form/1/1 . Instead a message that I have no access rights I see whole form! I make some changes and save. The changes are saved.
4) I change the url against http://xx.mysite.xx/menualias/form/1/0 . the form opens and I can submit new data despide I am not logged in!
FYI: I discovered this bug thanks to testing one new feature (see the pull request https://github.com/Fabrik/fabrik/pull/487/files) - edit button was still present in details view...
I don't know if this is a Joomla or Fabrik security bug or something is wrong in my webhost, but
I can submit and edit data anyway despite the restrictive settings in backend!
That means:
1) I am not logged in and I don't see the add and edit icons in list. That's ok because I set such access rights to Registered.
2) I open the details view. URL in address bar shows http://xx.mysite.xx/menualias/details/1/1
3) I change the url against http://xx.mysite.xx/menualias/form/1/1 . Instead a message that I have no access rights I see whole form! I make some changes and save. The changes are saved.
4) I change the url against http://xx.mysite.xx/menualias/form/1/0 . the form opens and I can submit new data despide I am not logged in!
FYI: I discovered this bug thanks to testing one new feature (see the pull request https://github.com/Fabrik/fabrik/pull/487/files) - edit button was still present in details view...