Five New Optimizely Certifications are Here! Validate your expertise and advance your career with our latest certification exams. Click here to find out more

AI OnAI Off

[Bug?] Access rights to languages in edit mode.

Johan Petersson
Johan Petersson
Vote:
 

Hi,


It seems lika that language access rights are only checked in the dropdown menus in edit mode. If you access edit mode with a direct link to a page and a language you can access a language branch that you don't actually have access to, e.g. /cms/edit/default.aspx?id=12345&epslanguage=en&selectededitpaneltab=1. You can even edit the page and publish it.


Is this by design or a bug? For me it seems like a quite serious security bug.

#73766
Aug 08, 2013 15:03
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.