Posts: 13
Threads: 7
Joined: Mar 2009
Reputation:
0
I don't know if this is a feature or a bug, but if a client logs in and then edits a submission, if they happen to change the submission ID in the URL and press Enter, they are taken to the edit screen for the submission ID, allowing them to edit submissions that are not in their View! Zoinks.
Is this correct?
I thought filters was a way to restrict clients to a certain set of submissions.
Posts: 13
Threads: 7
Joined: Mar 2009
Reputation:
0
I must be doing something wrong. Could there be something wrong with cookies?
Posts: 2,456
Threads: 39
Joined: Dec 2008
Reputation:
6
Hmm. This could be a bug.
Yes, there are security measures in place to only permit a user access to submissions + Views that they're assigned to. If they try to access a submission or a View that they're not permitted to see they get booted out.
I've just checked it on my own installaion and it works fine for me... would it be possible for you to send me your FT login info so I could see the problem first hand? Let me know! My email is formtools@encorewebstudios.com
- Ben
Posts: 2,456
Threads: 39
Joined: Dec 2008
Reputation:
6
Nevermind. I see...
I'll release a fix for this today. Thanks for reporting it!
- Ben
Posts: 2,456
Threads: 39
Joined: Dec 2008
Reputation:
6
This has been fixed in today's build.
For any future security-related problems, could you contact me privately?
Thanks!
- Ben
