Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-100248

sites.control.panel.members.visible default value should be false

    Details

      Description

      Users that belong to a site can bypass Control Panel permissions by using URLĀ http://localhost:8080/group/control_panel/manage/-/sites to access the Control Panel Sites. The portal property sites.control.panel.members.visible has the default value set to true and allows this behavior to occur. By using the URL, the user can view Membership Type, Active status, and private sites which can be argued should not be viewed unless given proper permissions.

      The default value should be changed to false to prevent this behavior to occur.

      Let me know if there are any questions or comments about this.
      Thank you.

        Attachments

          Activity

            People

            • Assignee:
              support-lep@liferay.com SE Support
              Reporter:
              fortunato.maldonado Fortunato Maldonado (Inactive)
            • Votes:
              1 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Packages

                Version Package
                7.2.10 DXP FP2
                7.2.10.1 DXP SP1
                7.2.X
                Master