You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
stigsfoot
changed the title
Minor: By editing the url, players can gain access to levels they have not unlocked.
By editing the url, players can gain access to levels they have not unlocked.
Feb 27, 2019
Thanks for acknowledging this bug, this shouldn't be allowed. Fixed this issue now if a user edits the URL to any other level which is not unlocked it will be redirected back to levels page for that particular module.
@jatin-narang The redirect feature sounds good. I don't see it implemented in the latest version in the repo. Is it still in progress or maybe not yet committed?
For example by changing the url from 'http://localhost:8080/module/1/level/1/questions/' to 'http://localhost:8080/module/1/level/3/questions/', a they can gain access to a level that they have not unlocked. Not sure if this is worth worrying about. One potential solution would be if a user tries to do this, they are redirected to another screen if they do not have access to that level.
Aha! Link: https://nditech.aha.io/features/G4G-93
The text was updated successfully, but these errors were encountered: