Elgg version
5.1
Plugin version
master
Plugin source
- Git clone (did you run
composer install?)
Describe the bug
In the action the save of a new page is placed in an 'ignore access' call
|
$saved = elgg_call(ELGG_IGNORE_ACCESS, function () use (&$entity) { |
|
return $entity->save(); |
|
}); |
This will give anybody write access to any container, even if this shouldn't be the case.
Rethink this procedure
Elgg version
5.1
Plugin version
master
Plugin source
composer install?)Describe the bug
In the action the save of a new page is placed in an 'ignore access' call
static/actions/static/edit.php
Lines 67 to 69 in a050637
This will give anybody write access to any container, even if this shouldn't be the case.
Rethink this procedure