You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Ok, I posted this before, but vipsoft seems to think user access and anonymous access are the same thing and deleted it.
vipsoft> “Oops. Given ticket #554, we won’t be blocking access to the site manager page.”
They are not the same thing. but meh.
Anyway if you goto ‘/index.php?module=SitesManager&action=displayJavascriptCode&idsite=1’ of any piwik install you will be granted access to that page without the need to log in.
Other pages are affected as well.
Personally if you restrict anonymous access to a site then ALL of that site should be blocked. Not a few pages or ones that count, but ALL of the site.
Feel free vipsof to delete this ticket, I can code so I will just fix the issue myself. But I thought I would be nice for your users (that can not code or dont have the time) to be able to trust ‘NO ACCESS’ truly means ‘NO ACCESS’.
The text was updated successfully, but these errors were encountered:
this page just takes the idsite and displays it, there is nothing confidential at all, especially as this page cannot be accessed via any link… for consistency I added the check though.
Ok, I posted this before, but vipsoft seems to think user access and anonymous access are the same thing and deleted it.
vipsoft> “Oops. Given ticket #554, we won’t be blocking access to the site manager page.”
They are not the same thing. but meh.
Anyway if you goto ‘/index.php?module=SitesManager&action=displayJavascriptCode&idsite=1’ of any piwik install you will be granted access to that page without the need to log in.
Other pages are affected as well.
Personally if you restrict anonymous access to a site then ALL of that site should be blocked. Not a few pages or ones that count, but ALL of the site.
Feel free vipsof to delete this ticket, I can code so I will just fix the issue myself. But I thought I would be nice for your users (that can not code or dont have the time) to be able to trust ‘NO ACCESS’ truly means ‘NO ACCESS’.
The text was updated successfully, but these errors were encountered: