SaaS CMS has officially launched! Learn more now.

[Bug?] Access rights to languages in edit mode.



It seems lika that language access rights are only checked in the dropdown menus in edit mode. If you access edit mode with a direct link to a page and a language you can access a language branch that you don't actually have access to, e.g. /cms/edit/default.aspx?id=12345&epslanguage=en&selectededitpaneltab=1. You can even edit the page and publish it.

Is this by design or a bug? For me it seems like a quite serious security bug.

Aug 08, 2013 15:03
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.