New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
When loading URL and not logged in, this should load the login form #7201
Conversation
I couldn't find a good way for showing different error if site does not exist compared to not having permission and it also would be information disclosure. It would be easy to find out how many sites are tracked with a Piwik etc. The only way to solve it would be to check whether a given site exists using the |
The issue is due to period = range. A specific method needs to execute new Site(...) regardless of period value. I have hacky fix locally, will post the diff here soon. |
This will provide the correct behaviour, but it doesn't solve the underlying problem (that idSite should be handled ONE way in ONE place). Unfortunately, I don't think a proper solution is feasible at the moment. |
I didn't find that check and had no idea it exists. As you mentioned in your comment it is "indirectly performed". Don't like it so much, this will most likely fail again. Even if we had tests for it, it will be hard to find (it was in this case like this as well as it failed somewhere else in |
If it doesn't break anything I guess it's fine. Just need to make sure for controller actions it redirects to login instead of throwing an exception. |
Moved to 2.12.0 unless someone wants to merge it for 2.11.0! |
Worked on the FrontController idea. Solving it in |
When loading URL and not logged in, this should load the login form
refs #7193
I don't think the issue is a regression. At least it doesn't look like it. This is one solution for that fix but not 100% correct. It would trigger the exception as well if an idSite is given for a site that does not exist! Will try to find a better solution.