mahara-contributors team mailing list archive

Thread
Date

[Bug 585310] Re: SecretURL prompting for a password

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Richard Mansfield <585310@xxxxxxxxxxxxxxxxxx>
Date: Tue, 20 Jul 2010 03:44:30 -0000
Reply-to: Bug 585310 <585310@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Looks good.  I'm sure that the point of Nigel's patch (the render resume
without javascript one) was to remove the use of composite.json.php
except when editing your own resume; it's no longer used in views.

This means that in addition to the clean up you made above, we can
remove the view parameter altogether (and anything that depends on it)
from that file, and just assume the owner is always the logged in user
($USER), and also get rid of the define('PUBLIC',1) stuff.

Should be more secure, so I'll do that once I've pushed it. Hopefully
I'm right about that and it won't break a bunch of stuff...

-- 
SecretURL prompting for a password
https://bugs.launchpad.net/bugs/585310
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.

Status in Mahara ePortfolio: In Progress

Bug description:
If a View contains resumé information displayed in a box (Employment History, Education History, etc.), and is accessed exclusively via a SecretURL, then it asks for a password. Only the first time though, subsequent access doesn't ask for a password even if you don't enter one the first time.

Mahara 1.2.4
Ubuntu Linux 8.04
MySQL

References

[Bug 585310] [NEW] SecretURL prompting for a password
From: Gary Beldon, 2010-05-25