Forums / Developer / Can an anonymous user see the already seized forms?

"Please Note:

At the specific request of Ibexa we are changing this projects name to "Exponential" or "Exponential (CMS)" effective as of August, 11th 2025.
This project is not associated with the original eZ Publish software or its original developer, eZ Systems or Ibexa".

Can an anonymous user see the already seized forms?

Previous topic

Developer

Next topic

Author	Message
Bruno Le Calvez	Friday 06 October 2006 1:41:43 am Salut (Hi), I created an access to the form with this code (for my anonymous users): <form method="post" action="/my_site/content/action" name="fullview" style="display:none"> <input type="hidden" name="NodeID" value="88" /> <input type="hidden" name="ClassID" value="20" /> <input type="hidden" name="NewButton"/> </form> <a href="#" onclick="goinedition()">link</a> But, after insertion, another anonymous user can as follows have access to the form of another user, with this link: http://mysite/content/edit/1676/1 And my client want diffuse a link towards the form and he used this link. I have affected the rights "create" and "edit" to the user anonymous on the class concerned. If I withdraw "edit" the user doesn't have access to the form in creation? Can you help me, please ;) Thank you for your assistance, Bruno
Claudia Kosny	Friday 06 October 2006 4:44:07 am Hi Bruno maybe you can limit the edit function to owner 'self or anonymous users per http session'. Claudia
Xavier Dutoit	Friday 06 October 2006 4:57:54 am Hi Bruno, What is the version you're using ? Have a look at this bug report, it contains a lot of information and links. http://ez.no/bugs/view/6680 X+ P.S. Tu as plus de réponses à des questions qui n'ont pas déjà été posées des tas de fois ;ç) http://www.sydesy.com

Author

Message

Bruno Le Calvez

Friday 06 October 2006 1:41:43 am

Salut (Hi),

I created an access to the form with this code (for my anonymous users):

<form method="post" action="/my_site/content/action" name="fullview" style="display:none">
<input type="hidden" name="NodeID" value="88" />
<input type="hidden" name="ClassID" value="20" />	 
<input type="hidden" name="NewButton"/>
</form>
<a href="#" onclick="goinedition()">link</a>

But, after insertion, another anonymous user can as follows have access to the form of another user, with this link:

http://mysite/content/edit/1676/1

And my client want diffuse a link towards the form and he used this link.

I have affected the rights "create" and "edit" to the user anonymous on the class concerned.
If I withdraw "edit" the user doesn't have access to the form in creation?

Can you help me, please ;)

Thank you for your assistance,
Bruno

Claudia Kosny

Friday 06 October 2006 4:44:07 am

Hi Bruno

maybe you can limit the edit function to owner 'self or anonymous users per http session'.

Claudia

Xavier Dutoit

Friday 06 October 2006 4:57:54 am

Hi Bruno,

What is the version you're using ?

Have a look at this bug report, it contains a lot of information and links.

http://ez.no/bugs/view/6680

X+

P.S. Tu as plus de réponses à des questions qui n'ont pas déjà été posées des tas de fois ;ç)

http://www.sydesy.com