Details
-
Bug
-
Resolution: Invalid
-
Major
-
None
-
14.1
-
None
-
Medium
-
Unknown
-
Description
It's possible to get information about title of pages that are not viewable by using the results of TemplateProviderClass fields.
Reproduction steps:
- With admin user creates a page entitled HiddenPage, and make it visible only for admins by allowing view right to them only
- With a standard using having edit rights, go to the object editor of any page, and insert a new TemplateProviderClass xobject
- Go in the picker of the field "Creation Restrictions" and type "H"
Expected result:
- HiddenPage shouldn't appear since the user does not have view rights on it. Or if it needs to appear it should be only its reference
Obtained result:
- the page is displayed with its title