Hey,

In my app I have the following ACL issue:

All actions/controllers are secured by ACL and a user should only see pages when he is logged in. This works fine in general, but I discovered a weird error today which is giving me a headache: When you enter the URL http://www.myapp.com/controller/action the user is redirected to the login, which is exactly what I want. But if the user types in this, e.g. to edit an article or something like that: http://www.myapp.com/controller/action/5 the ACL does NOT deny the access to the page and everyone can view the contents of the page!

This is a horrible security issue and I gotta fix it ASAP, so I'd be very happy if someone could point me in the right direction so I can solve this big problem!

Thx in advance,
DD
