- Status: Moved to Github
I have discovered, using version 5.0.5, an issue with the gallery and find content part of user profiles, where people can see images (thumbnails) they aren’t supposed to be able to see.
For example, I have category X, which is only available to the member group Subscribers. Permission are set so others can see that the category exists (to encourage people to join), but no images show to them (just appears as an empty folder) and if they click on the category, they get the error message that they don’t have the permissions to view images in that category. That works as it is supposed to.
However, I have found that if you go to the user profile of a person who has images in that protected category, click Find Content, and then choose Images from the Gallery section of the content type, it will show the thumbnail images of everything, including what is in the gallery categories that they don’t have permission to view
Recommended Comments