View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001255 | HTML & PERL | Bug Report - Interface | public | 2008-08-25 23:58 | 2008-08-29 23:41 |
| Reporter | Nyxx | Assigned To | pelican | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Summary | 0001255: "Latest" informations for the public is unfiltered | ||||
| Description | Under the "Latest" tab a guest can see informations where I denied the access for the public in my profile. Profile settings: - see my userpage: everyone - see my wishlist: no one - see my votes: no one - see viewed info: members and buddies (- see state info: only with password) With these settings I expect that a guest cannot see these three "latest" lists: - Watched - Anime votes - Wish list entries But the user can still see all latest informations. This is bad in terms of privacy. Workaround (from exp): Disable the access to your userpage for everyone. Set "see my userpage" to something less than "everyone". | ||||
| Steps To Reproduce | - log in with your anidb user - in your profile page set "see my userpage" to "everyone" - log out - open your userpage (without being logged in!) and click on "Latest", or use this link to open it directly: http://anidb.net/perl-bin/animedb.pl?uid=123456789&show=userpage&do=latest Where "123456789" is your userid. | ||||
| Tags | No tags attached. | ||||
