-
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prevent misuse of show_noauth param when fulltext is empty #11290
Conversation
Can you take a look at the codestyle issues please |
ok for single article URL, but not for category blog view |
I have corrected code styling issues, About :
that can be a different PR ? |
(1) Issue verified. (4) Article still visible from category blog layout. Another case is when we visit any public article without login and we click on category name from this article breadcrumb, all articles gets visible though one allowed to registered user only. This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/11290. |
The 403 is the desired thing since there is no fulltext, so we are good here
going to login screen should only happen if user is guest (i need to check this !), i am using:
of course it is shown
the purpose is to limit information displayed of it and do not display fulltext anywhere Question so does the blog layout show fulltext ? |
@ggppdk Yes, showing full text of article in category layouts. This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/11290. |
hhmm i think i can update this PR for this case too, Also someone needs to update language string of the parameter: It has none info about the fact that articles need to have an intro text |
@ggppdk ist this PR updated, should PR be tested? |
This PR should be still be a valid fix, but it fixes only article view |
I have tested this item ✅ successfully on 0624124 This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/11290. |
I think at the login redirect it should be a message like "You have to login to have access to the ressource" |
I have tested this item ✅ successfully on 0624124 This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/11290. |
RTC This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/11290. |
Pull Request for Issue #11285
Summary of Changes
Natural place to fix this is at the view.html.php that has a similar but incomplete check
Testing Instructions
STEP 1: Verify bug
STEP 2: Test fix: Redirect guests to login
4. Apply the patch and visit the article view again, you should redirected to login
5. Login as a "registered" user
6. Visit article, you should be able to view the article
STEP 3: Test fix: If logged user still did not gain access after login then a no access message work for logged users too
7. Edit article and set access to special
8. Visit article as "plain" registered users, you should get a 403 error