[drupal-devel] private but unprotected blogs
Fredrik Jonsson
frjo at xdeb.org
Sun Oct 9 20:00:17 UTC 2005
Eric Crump 2005-10-03 19.25 -0500 wrote:
>I have one site that I'm using for a college class and the whole
>site is supposed to be private, that is, for class use only. I
>thought that would simply be a matter of giving anonymous users *no*
>privileges in 'access control' and for the most part, that seems to
>work. Anonymous users get 403s wherever they go *except* if they
>type the path to a user's blog.
>
>For any path 'http://site.org/blog/x' the blog teasers and links
>display just fine! If they click on a link, they get 403ed, but
>since anon users don't have content access privileges, this seems
>weird to me that they can see the titles and teasers for blogs.
I can replicate this bug on Drupal 4.6.3. Please create an issue
about it on drupal.org:
<http://drupal.org/node/add/project_issue/drupal/bug>
Fredrik
--
Web site: <http://xdeb.org/wiki/Fredrik>
More information about the drupal-devel
mailing list