Details
-
Bug
-
Resolution: Fixed
-
Medium
-
4.0.3, 4.1.0
-
None
Description
Hi.
Whenever you try to look for a view of a module that doesn't exists, eZ Publish thrown an ACCESS DENIED error.
Is this the expected behaviour? I mean, if the view doesn't exists shouldn't it be better to thrown a KERNEL NOT FOUND ERROR, or maybe a VIEW NOT FOUND ERROR?
All this came because we have developed an eZ site for one of our customers. There was a previous version of the site built with Joomla, and some joomla urls were previously indexed by search spiders. It seems that joomla use for a blog kind a module urls like
www.yoursite.com/content/blogcategory/[id]
Now, when a user find that in google, eZ Publish "reply" with an access denied error...
I've checked some of our old projects built in old versions of ezPublish and view not found error is correctly set. (for 3.8). but it seems that maybe from 3.9 or 3.10 that kind of urls returns access denied error.
I would expect a view not found or page not found and not an access denied. Access denied is something that hackers like a lot
Correct me if i'm wrong, but i think that index.php check the access to the view of the module previously to the existance of the view... Is there any reason for this?
I mean, if the view doesn't exists, there's no need to check the access for it...
thanks for your time.
Steps to reproduce
Just type in your browser something like www.yoursite.com/content/viewnotfound (with an eZ Publish site, obviously)
You can also check the differences playing with something like
www.ez.no/content/viewnotfound
and
projects.ez.no/content/viewnotfound.
First of them returns view not found, but not other.