Current version by: Brendan
Text:
| Hi iFixit team, | |
| I think I found something... interesting :-) | |
| === Bug description === | |
| There is something strange, I think it's an inconsistency in the iFixit's security system that handles if a tutorial can be accessed or not. I found some pages that are indexed or viewable but that cannot be accessed in the normal way. | |
| === Reproduce the bug, scenario 1 === | |
| First I made the following search "ethernet" : | |
| Here is a direct link to the search results on iFixit FR : [link|https://fr.ifixit.com/Search?doctype=guide&query=ethernet|https://fr.ifixit.com/Search?doctype=guide&query=ethernet] | |
| Then I clicked on this specific result : | |
| [image|97114] | |
| And... I got a 403, forbidden access page : | |
| [image|97115] | |
| The problem here is the tutorial is indexed, so it must be readable or it must not be indexed. But it should not be indexed and not readable, as this behavior is inconsistent. | |
| Here is the link to the problematic tutorial : https://fr.ifixit.com/Guide/Remplacement+du+connecteur+du+c%C3%A2ble+Ethernet/148508 | |
| === Reproduce the bug, scenario 2 === | |
| It seems this exact same bug is also affecting some guides but in a different (more problematic) way. | |
| Let's take this guide as an example : https://fr.ifixit.com/Tutoriel/Toshiba+Satellite+A105-S4011+Optical+Drive+Replacement/14701 | |
| On the following guide, we can observe there are some prerequisite guides, but if I click on the following prerequisite : | |
| [image|97118] | |
| I got the 403, forbidden access : | |
| [image|97119] | |
| Also, the content of this specific guide [link|https://fr.ifixit.com/Tutoriel/Toshiba+Satellite+A105-S4011+Optical+Drive+Replacement/14701#s48657|can be read here] : | |
| [image|97120] | |
| Also, if I click on the "Edit" button, I also got the 403 error page. | |
| Resources : | |
| * Direct link to the bugged prerequisite guide : https://fr.ifixit.com/Tutoriel/prereq/14656 | |
| * Direct link to the guide inheriting the bugged prerequisite guide : https://fr.ifixit.com/Tutoriel/Toshiba+Satellite+A105-S4011+Optical+Drive+Replacement/14701 | |
| * Direct link to the translation page of the bugged prerequisite guide : https://fr.ifixit.com/Tutoriel/modifier/14701/48657 | |
| The problems in this context are : | |
| * It makes some guides "untranslatable", because if one of the prerequisite guides of a tutorial cannot be translated, the guide that inherits the bugged prerequisite guide will not be able to be completely translated so it cannot be viewed as a translated guide as the translation is considered incomplete by the platform, so the guide remains in the original language instead of the partially translated one. | |
| * The content of this forbidden guide can be read under certain circumstances, when it is linked as a prerequisite guide of a guide that can be accessed, that's an inconsistent behavior because usually, prerequisite guides can be accessed and linked as prerequisite guides without this kind of issue. | |
| - | * The fact the content of a guide can be viewed but the guide itself is not allowed to be accessed |
| + | * The fact the content of a guide can be viewed but the page of the guide itself is not allowed to be accessed is a potential security issue. |
| Thanks for reading. |
Status:
open
Edit by: Brendan
Text:
| Hi iFixit team, | |
| I think I found something... interesting :-) | |
| === Bug description === | |
| There is something strange, I think it's an inconsistency in the iFixit's security system that handles if a tutorial can be accessed or not. I found some pages that are indexed or viewable but that cannot be accessed in the normal way. | |
| === Reproduce the bug, scenario 1 === | |
| First I made the following search "ethernet" : | |
| Here is a direct link to the search results on iFixit FR : [link|https://fr.ifixit.com/Search?doctype=guide&query=ethernet|https://fr.ifixit.com/Search?doctype=guide&query=ethernet] | |
| Then I clicked on this specific result : | |
| [image|97114] | |
| And... I got a 403, forbidden access page : | |
| [image|97115] | |
| The problem here is the tutorial is indexed, so it must be readable or it must not be indexed. But it should not be indexed and not readable, as this behavior is inconsistent. | |
| Here is the link to the problematic tutorial : https://fr.ifixit.com/Guide/Remplacement+du+connecteur+du+c%C3%A2ble+Ethernet/148508 | |
| === Reproduce the bug, scenario 2 === | |
| It seems this exact same bug is also affecting some guides but in a different (more problematic) way. | |
| Let's take this guide as an example : https://fr.ifixit.com/Tutoriel/Toshiba+Satellite+A105-S4011+Optical+Drive+Replacement/14701 | |
| On the following guide, we can observe there are some prerequisite guides, but if I click on the following prerequisite : | |
| [image|97118] | |
| I got the 403, forbidden access : | |
| [image|97119] | |
| Also, the content of this specific guide [link|https://fr.ifixit.com/Tutoriel/Toshiba+Satellite+A105-S4011+Optical+Drive+Replacement/14701#s48657|can be read here] : | |
| [image|97120] | |
| Also, if I click on the "Edit" button, I also got the 403 error page. | |
| Resources : | |
| * Direct link to the bugged prerequisite guide : https://fr.ifixit.com/Tutoriel/prereq/14656 | |
| * Direct link to the guide inheriting the bugged prerequisite guide : https://fr.ifixit.com/Tutoriel/Toshiba+Satellite+A105-S4011+Optical+Drive+Replacement/14701 | |
| * Direct link to the translation page of the bugged prerequisite guide : https://fr.ifixit.com/Tutoriel/modifier/14701/48657 | |
| The problems in this context are : | |
| - | * It makes some guides "untranslatable", because if one of the prerequisite guides of a tutorial cannot be translated, the guide that inherits the bugged prerequisite guide will not be able to be completely translated so it cannot be viewed as a translated guide as the translation is considered incomplete by the platform, so the guide |
| + | * It makes some guides "untranslatable", because if one of the prerequisite guides of a tutorial cannot be translated, the guide that inherits the bugged prerequisite guide will not be able to be completely translated so it cannot be viewed as a translated guide as the translation is considered incomplete by the platform, so the guide remains in the original language instead of the partially translated one. |
| * The content of this forbidden guide can be read under certain circumstances, when it is linked as a prerequisite guide of a guide that can be accessed, that's an inconsistent behavior because usually, prerequisite guides can be accessed and linked as prerequisite guides without this kind of issue. | |
| * The fact the content of a guide can be viewed but the guide itself is not allowed to be accessed (read and write) is a security issue. | |
| Thanks for reading. |
Status:
open
Edit by: Brendan
Text:
| Hi iFixit team, | |
| I think I found something... interesting :-) | |
| === Bug description === | |
| There is something strange, I think it's an inconsistency in the iFixit's security system that handles if a tutorial can be accessed or not. I found some pages that are indexed or viewable but that cannot be accessed in the normal way. | |
| === Reproduce the bug, scenario 1 === | |
| First I made the following search "ethernet" : | |
| Here is a direct link to the search results on iFixit FR : [link|https://fr.ifixit.com/Search?doctype=guide&query=ethernet|https://fr.ifixit.com/Search?doctype=guide&query=ethernet] | |
| Then I clicked on this specific result : | |
| [image|97114] | |
| And... I got a 403, forbidden access page : | |
| [image|97115] | |
| The problem here is the tutorial is indexed, so it must be readable or it must not be indexed. But it should not be indexed and not readable, as this behavior is inconsistent. | |
| Here is the link to the problematic tutorial : https://fr.ifixit.com/Guide/Remplacement+du+connecteur+du+c%C3%A2ble+Ethernet/148508 | |
| === Reproduce the bug, scenario 2 === | |
| It seems this exact same bug is also affecting some guides but in a different (more problematic) way. | |
| Let's take this guide as an example : https://fr.ifixit.com/Tutoriel/Toshiba+Satellite+A105-S4011+Optical+Drive+Replacement/14701 | |
| On the following guide, we can observe there are some prerequisite guides, but if I click on the following prerequisite : | |
| [image|97118] | |
| I got the 403, forbidden access : | |
| [image|97119] | |
| Also, the content of this specific guide [link|https://fr.ifixit.com/Tutoriel/Toshiba+Satellite+A105-S4011+Optical+Drive+Replacement/14701#s48657|can be read here] : | |
| [image|97120] | |
| Also, if I click on the "Edit" button, I also got the 403 error page. | |
| Resources : | |
| * Direct link to the bugged prerequisite guide : https://fr.ifixit.com/Tutoriel/prereq/14656 | |
| * Direct link to the guide inheriting the bugged prerequisite guide : https://fr.ifixit.com/Tutoriel/Toshiba+Satellite+A105-S4011+Optical+Drive+Replacement/14701 | |
| * Direct link to the translation page of the bugged prerequisite guide : https://fr.ifixit.com/Tutoriel/modifier/14701/48657 | |
| The problems in this context are : | |
| * It makes some guides "untranslatable", because if one of the prerequisite guides of a tutorial cannot be translated, the guide that inherits the bugged prerequisite guide will not be able to be completely translated so it cannot be viewed as a translated guide as the translation is considered incomplete by the platform, so the guide is remains in the original language instead of the partially translated one. | |
| - | * The content of this forbidden guide can be read under certain circumstances, when it is linked as a prerequisite guide of a guide that can be accessed, that's an inconsistent behavior because usually, prerequisite guides |
| + | * The content of this forbidden guide can be read under certain circumstances, when it is linked as a prerequisite guide of a guide that can be accessed, that's an inconsistent behavior because usually, prerequisite guides can be accessed and linked as prerequisite guides without this kind of issue. |
| * The fact the content of a guide can be viewed but the guide itself is not allowed to be accessed (read and write) is a security issue. | |
| Thanks for reading. |
Status:
open
Edit by: Brendan
Text:
| Hi iFixit team, | |
| - | I think I found something. |
| + | I think I found something... interesting :-) |
| === Bug description === | |
| - | |
| There is something strange, I think it's an inconsistency in the iFixit's security system that handles if a tutorial can be accessed or not. I found some pages that are indexed or viewable but that cannot be accessed in the normal way. | |
| === Reproduce the bug, scenario 1 === | |
| - | |
| First I made the following search "ethernet" : | |
| - | Here is a direct link to the search results on iFixit FR : [link|https://fr.ifixit.com/Search?doctype=guide&query=ethernet|https://fr.ifixit.com/Search?doctype=guide&query=ethernet |
| + | Here is a direct link to the search results on iFixit FR : [link|https://fr.ifixit.com/Search?doctype=guide&query=ethernet|https://fr.ifixit.com/Search?doctype=guide&query=ethernet] |
| Then I clicked on this specific result : | |
| [image|97114] | |
| And... I got a 403, forbidden access page : | |
| [image|97115] | |
| The problem here is the tutorial is indexed, so it must be readable or it must not be indexed. But it should not be indexed and not readable, as this behavior is inconsistent. | |
| Here is the link to the problematic tutorial : https://fr.ifixit.com/Guide/Remplacement+du+connecteur+du+c%C3%A2ble+Ethernet/148508 | |
| === Reproduce the bug, scenario 2 === | |
| - | |
| It seems this exact same bug is also affecting some guides but in a different (more problematic) way. | |
| Let's take this guide as an example : https://fr.ifixit.com/Tutoriel/Toshiba+Satellite+A105-S4011+Optical+Drive+Replacement/14701 | |
| On the following guide, we can observe there are some prerequisite guides, but if I click on the following prerequisite : | |
| [image|97118] | |
| I got the 403, forbidden access : | |
| [image|97119] | |
| - | Also, the content of this specific guide [link|https://fr.ifixit.com/Tutoriel/Toshiba+Satellite+A105-S4011+Optical+Drive+Replacement/14701#s48657|can be read here |
| + | Also, the content of this specific guide [link|https://fr.ifixit.com/Tutoriel/Toshiba+Satellite+A105-S4011+Optical+Drive+Replacement/14701#s48657|can be read here] : |
| [image|97120] | |
| Also, if I click on the "Edit" button, I also got the 403 error page. | |
| Resources : | |
| * Direct link to the bugged prerequisite guide : https://fr.ifixit.com/Tutoriel/prereq/14656 | |
| * Direct link to the guide inheriting the bugged prerequisite guide : https://fr.ifixit.com/Tutoriel/Toshiba+Satellite+A105-S4011+Optical+Drive+Replacement/14701 | |
| * Direct link to the translation page of the bugged prerequisite guide : https://fr.ifixit.com/Tutoriel/modifier/14701/48657 | |
| - | |
| The problems in this context are : | |
| * It makes some guides "untranslatable", because if one of the prerequisite guides of a tutorial cannot be translated, the guide that inherits the bugged prerequisite guide will not be able to be completely translated so it cannot be viewed as a translated guide as the translation is considered incomplete by the platform, so the guide is remains in the original language instead of the partially translated one. | |
| * The content of this forbidden guide can be read under certain circumstances, when it is linked as a prerequisite guide of a guide that can be accessed, that's an inconsistent behavior because usually, prerequisite guides that can be accessed and linked as prerequisite guides. | |
| * The fact the content of a guide can be viewed but the guide itself is not allowed to be accessed (read and write) is a security issue. | |
| - | |
| Thanks for reading. |
Status:
open
Original post by: Brendan
Text:
Hi iFixit team, I think I found something. === Bug description === There is something strange, I think it's an inconsistency in the iFixit's security system that handles if a tutorial can be accessed or not. I found some pages that are indexed or viewable but that cannot be accessed in the normal way. === Reproduce the bug, scenario 1 === First I made the following search "ethernet" : Here is a direct link to the search results on iFixit FR : [link|https://fr.ifixit.com/Search?doctype=guide&query=ethernet|https://fr.ifixit.com/Search?doctype=guide&query=ethernet|new_window=true] Then I clicked on this specific result : [image|97114] And... I got a 403, forbidden access page : [image|97115] The problem here is the tutorial is indexed, so it must be readable or it must not be indexed. But it should not be indexed and not readable, as this behavior is inconsistent. Here is the link to the problematic tutorial : https://fr.ifixit.com/Guide/Remplacement+du+connecteur+du+c%C3%A2ble+Ethernet/148508 === Reproduce the bug, scenario 2 === It seems this exact same bug is also affecting some guides but in a different (more problematic) way. Let's take this guide as an example : https://fr.ifixit.com/Tutoriel/Toshiba+Satellite+A105-S4011+Optical+Drive+Replacement/14701 On the following guide, we can observe there are some prerequisite guides, but if I click on the following prerequisite : [image|97118] I got the 403, forbidden access : [image|97119] Also, the content of this specific guide [link|https://fr.ifixit.com/Tutoriel/Toshiba+Satellite+A105-S4011+Optical+Drive+Replacement/14701#s48657|can be read here|new_window=true] : [image|97120] Also, if I click on the "Edit" button, I also got the 403 error page. Resources : * Direct link to the bugged prerequisite guide : https://fr.ifixit.com/Tutoriel/prereq/14656 * Direct link to the guide inheriting the bugged prerequisite guide : https://fr.ifixit.com/Tutoriel/Toshiba+Satellite+A105-S4011+Optical+Drive+Replacement/14701 * Direct link to the translation page of the bugged prerequisite guide : https://fr.ifixit.com/Tutoriel/modifier/14701/48657 The problems in this context are : * It makes some guides "untranslatable", because if one of the prerequisite guides of a tutorial cannot be translated, the guide that inherits the bugged prerequisite guide will not be able to be completely translated so it cannot be viewed as a translated guide as the translation is considered incomplete by the platform, so the guide is remains in the original language instead of the partially translated one. * The content of this forbidden guide can be read under certain circumstances, when it is linked as a prerequisite guide of a guide that can be accessed, that's an inconsistent behavior because usually, prerequisite guides that can be accessed and linked as prerequisite guides. * The fact the content of a guide can be viewed but the guide itself is not allowed to be accessed (read and write) is a security issue. Thanks for reading.
Status:
open