XWiki Platform / XWIKI-5887

The REST API allows listing wikis and spaces even when the wiki is protected

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 3.2
    • 2.6
    • REST
    • None
    • security,rest
    • Integration
    • Unknown

    Description

      The REST API allows any anonymous user to list the existing spaces in a wiki, even if the spaces are protected. Shouldn't the API return only the public space names in that case? The same goes for the list of private wikis hosted in an XWiki farm.

            People

              fmancinelli Fabio Mancinelli
              slauriere slauriere
              Votes: 0
              Watchers: 3
