Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Erni 10 posts 31 karma points
    Jun 20, 2011 @ 17:33
    Erni
    0

    Security BUG - user without publish right can publish

    • Umbraco Version: 4.7.0
    • asp.net version: 4.0.30319.1
    • Windows and iis version: Win2008 IIS 7.5
    • Stacktrace: N/A
    • A detailed description of what you did before the issue happened: create user of writer type, login as "writer" user, create document and set "Publish at" date as today, press "save", wait few seconds/minutes and document will be published automaticaly even ommiting required fileds
  • Kim Andersen 1447 posts 2197 karma points MVP
    Jun 20, 2011 @ 20:09
    Kim Andersen
    2

    Hi Erni

    I think you should report this issue on Codeplex if it's not already there. Maybe if you're lucky it can be changed before v4.7.1 goes out then.

    /Kim A

  • Jan Skovgaard 11280 posts 23678 karma points MVP 11x admin c-trib
    Jun 20, 2011 @ 23:02
    Jan Skovgaard
    0

    Hi Erni

    This should definately go to codeplex as Kim says - please post the link to the issue in here so others who come accross this bug in here is more likely to go and vote it up on codeplex.

    I have just tried to do the steps you described and I'm able to reproduce it.

    /Jan

  • Tom Fulton 2030 posts 4998 karma points c-trib
    Jun 21, 2011 @ 00:39
    Tom Fulton
    1

    Hi,

    Actually there is a workitem on this already:  http://umbraco.codeplex.com/workitem/22251

    Vote it up!  You might also post your steps to reproduce there as well.

    -Tom

  • Kim Andersen 1447 posts 2197 karma points MVP
    Jun 21, 2011 @ 17:34
    Kim Andersen
    0

    Ahh nice find Tom. Just gave it my vote.

    /Kim A

  • Erni 10 posts 31 karma points
    Jun 24, 2011 @ 14:59
    Erni
    0

    Thanks guys, I gave them some comments there already and voted also.

    We will see how it will go on..

  • William Main 5 posts 25 karma points
    Aug 21, 2013 @ 15:25
    William Main
    0

    I hate to dig up the past here, but I am having the exact same issue with one of our client websites. Despite the writer not having the security permissions to publish, they can override this by setting a "Publish At" date and then clicking Save and Send For Approval. The end result is that the content is published without the approval process.

    Was this bug ever resolved? The codeplex website link is dead.

    Umbraco version is: v4.11.9

    Thanks very much.

    William

Please Sign in or register to post replies

Write your reply to:

Draft