View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001153 | OXID eShop (all versions) | 1. ----- eShop frontend ----- | public | 2009-07-31 12:27 | 2012-12-10 14:38 |
| Reporter | d3 | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Product Version | 4.1.3 revision 19918 | ||||
| Fixed in Version | 4.1.5 revision 21618 | ||||
| Summary | 0001153: Gift Registry - no check for "not public" | ||||
| Description | The sarch for a Gift Registry check if a Gift Registry is public or not. But to display a Gift Registry, is no check. Open a Gift Registry without Login or another user. Set your Gift Registry to not public. Your Gift Registry is still public, and any change is visible. | ||||
| Tags | No tags attached. | ||||
| Theme | |||||
| Browser | All | ||||
| PHP Version | 5.2.6 | ||||
| Database Version | 5.0.33 | ||||
|
|
Reminder sent to: d3 Hi, The option "Public" is available only for Gift Registry (Wunschzettel). But there is no such option for Whishlist (Merkzettel), because whishlist is supposed to be only for the owner and is not visible for other people in any way. The Gift Registry can be marked as Public or Not (option Yes/No in My Account->My Gift Registry), but I checked it now once again, and it works well: if user A has marked his Gift Registry list as NOT public, then user B searches for Gift Registry of user A - system return no result for this search. But if Gift registry is marked as Public - it can be found by other users (user B). Maybe I missunderstood the situation and you have selected some other special options, which may affect the behavior? Also, similar case may occur because cache is not cleared or if you work on the same browser instance, just loged in with two different users on different tabs. Could you please try the same case on our demoshop at: http://demoshop.oxid-esales.com/professional-edition Best regards, |
|
|
Hi, The issue can reproduce in the demoshop. For example: User A create a wishlist an set the status to "public". User B get this wishlist (maybe with the search, or get a link). User B copy that Url (http://demoshop.oxid-esales.com/professional-edition/wunschzettel/?wishid=8822a454780bed607ba5e288c76edbb9) or let open his browser for a while. Now User A change the status of his wishlist to "not public". After that change, User B work further with his browser or open the stored link in an new window. User B can still see that hidden wishlist from User A. If User A do some changes in that wishlist, User B can see all. I hope, now you can undertstand that problem. |
|
|
yes, if gift registry id (?wishid=xxxx) is attached to the link, gift registry is showed even if it is not public. |
