Mahara

Viewing a user's blog (whole blog) doesn't show images or allow downloads (Access Denied)

Bug #643647 reported by Andrew Nicols
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Mahara
Fix Released
High
Eugene
Mahara 1.3.2

Bug Description

Came across this at the same time as bug #643645.
If you view a blog using view/artefact.php, which has downloads (or specifically images) included in it's posts then the appropriate permissions are not set and trying to view the files gives a 403.

Eugene (eugenev)
Changed in mahara:
assignee: nobody → Eugene (eugene-catalyst)
Revision history for this message
Eugene (eugenev) wrote :

I don't seem to be able to reproduce the issue described in the bug description...

Andrew, is it perhaps possible to give a more detailed explanation on reproducing the problem?

Thanks :)!

Revision history for this message
Andrew Nicols (dobedobedoh) wrote :

Hi Eugene,
Here are the steps I took:
* Create a new post in admin's blog with a picture uploaded and displayed inline in the blog;
* Add the 'Recent Blog Posts' (or any other Blog blocktype I should imagine) into the user's Profile View
* Login as a new user
* View admin's profile
* View the individual blog post (works correctly)
* Go back and view "Admin User's blog"
* After a force refresh to clear the file from my browser cache, the image is no longer shown. Trying to download the image gives an 'Access Denied'.

Enjoy ;)

Andrew

summary: - Inserting a file with no description using tinymce gives default
- description of 'null'
+ Viewing a user's blog (whole blog) doesn't show images or allow
+ downloads (Access Denied)
Revision history for this message
Andrew Nicols (dobedobedoh) wrote :

Sorry - I was reporting a glut of related bugs at the same time and managed to get my wires crossed with the bug subjects. I've opened a new bug for the original title.

Eugene (eugenev)
Changed in mahara:
status: New → Incomplete
status: Incomplete → Fix Committed
Richard Mansfield (richard-mansfield)
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.