[Mahara-contributors] [Bug 618634] Re: Disabled features are still accessible by visiting their URI directly
** Changed in: mahara
       Status: Fix Committed => Fix Released

--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/618634

Title:
  Disabled features are still accessible by visiting their URI directly

Status in Mahara ePortfolio:
  Fix Released

Bug description:
  If I disable a plugin (e.g. Resume), then the menu items for it
  disappear (correctly). However, if I visit the URI for that plugin
  (e.g. /artefact/resume) on my site, I can still access, view, modify
  and submit information stored within the artefact.

  Marking this as a security vulnerability because the plugin has been
  disabled but this is being circumvented.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/618634/+subscriptions

___
Mailing list: https://launchpad.net/~mahara-contributors
Post to     : mahara-contributors@lists.launchpad.net
Unsubscribe : https://launchpad.net/~mahara-contributors
More help   : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 618634] Re: Disabled features are still accessible by visiting their URI directly
** Changed in: mahara
       Status: In Progress => Fix Committed

Status in Mahara ePortfolio:
  Fix Committed
[Mahara-contributors] [Bug 618634] Re: Disabled features are still accessible by visiting their URI directly
Melissa,

They're probably the confirmation messages you get when you click the
enable/disable links, try it out on Site Administration->Administer
Extensions.

I'm still not 100% convinced the text should be show/hide, I think that
could be confusing too, so if you can think of something better, go for
it.

While you're on that page, I think it'd be good to add some text at the
top explaining that you cannot completely uninstall or disable a plugin,
you can only hide it in the interface.

Status in Mahara ePortfolio:
  In Progress
[Mahara-contributors] [Bug 618634] Re: Disabled features are still accessible by visiting their URI directly
There are 3 other strings that use the same language (enable/disable)

    $string['pluginenabled'] = 'Plugin enabled';
    $string['plugindisabled'] = 'Plugin disabled';
    $string['pluginnotenabled'] = 'Plugin not enabled. You must enable the %s plugin first.';

I'm leaning towards changing them for consistency, but I'd like
agreement from others who know the system better.

** Changed in: mahara
     Assignee: (unassigned) => Melissa Draper (melissa)

** Changed in: mahara
       Status: Confirmed => In Progress

Status in Mahara ePortfolio:
  In Progress
[Mahara-contributors] [Bug 618634] Re: Disabled features are still accessible by visiting their URI directly
Quick fix for 1.4: changing the langstring from "enable/disable" to
"show/hide"

** Tags added: bite-sized

Status in Mahara ePortfolio:
  Confirmed
[Mahara-contributors] [Bug 618634] Re: Disabled features are still accessible by visiting their URI directly
** Changed in: mahara
     Assignee: Hugh Davenport (hugh-catalyst) => (unassigned)

Status in Mahara ePortfolio:
  Confirmed
[Mahara-contributors] [Bug 618634] Re: Disabled features are still accessible by visiting their URI directly
** Changed in: mahara
     Assignee: (unassigned) => Hugh Davenport (hugh-catalyst)

Status in Mahara ePortfolio:
  Confirmed
[Mahara-contributors] [Bug 618634] Re: Disabled features are still accessible by visiting their URI directly
** Visibility changed to: Public

** This bug is no longer flagged as a security vulnerability

** Changed in: mahara
   Importance: Undecided => Medium

** Changed in: mahara
    Milestone: None => 1.4.0

** Changed in: mahara
       Status: Opinion => Confirmed

Status in Mahara ePortfolio:
  Confirmed
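
The gap the bug description reports, a disabled plugin whose menu entry is hidden while its URI still answers, shown as an added example that is not Mahara's code and not part of the original thread. The plugin table, function names and status codes are hypothetical and only model the difference between hiding a feature and enforcing its state on each request.

```php
<?php
// Constructed model of the reported behaviour; every name here is hypothetical.

// Installed plugins and their admin-controlled "active" flag (constructed data).
$installed = ['resume' => false, 'blog' => true];
// Menu entries keyed by the plugin that owns them.
$menu = ['resume' => '/artefact/resume', 'blog' => '/artefact/blog'];

// Presentation-only control: drops the links of inactive plugins from the menu.
function build_menu(array $menu, array $installed): array {
    return array_filter($menu, fn($p) => !empty($installed[$p]), ARRAY_FILTER_USE_KEY);
}

// Map a request URI to the plugin that would serve it, or null.
function plugin_for_uri(string $uri): ?string {
    $path = (string) parse_url($uri, PHP_URL_PATH);
    return preg_match('#^/artefact/([a-z0-9_]+)(?:/|$)#', $path, $m) ? $m[1] : null;
}

// Before: any installed plugin answers, whatever its active flag says.
function dispatch_unchecked(string $uri, array $installed): int {
    $plugin = plugin_for_uri($uri);
    return ($plugin !== null && array_key_exists($plugin, $installed)) ? 200 : 404;
}

// After: the same flag that hides the menu entry is checked on every request.
function dispatch_enforced(string $uri, array $installed): int {
    $plugin = plugin_for_uri($uri);
    if ($plugin === null || !array_key_exists($plugin, $installed)) {
        return 404;
    }
    return $installed[$plugin] ? 200 : 403;
}

// Compare what the menu shows with what each dispatcher returns.
$visible = build_menu($menu, $installed);
foreach ($menu as $plugin => $uri) {
    printf("%-18s menu=%-3s unchecked=%d enforced=%d\n",
        $uri,
        isset($visible[$plugin]) ? 'yes' : 'no',
        dispatch_unchecked($uri, $installed),
        dispatch_enforced($uri, $installed));
}
```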