Prestashop: Disabled products are visible with wrong token or no token at all
Describe the bug
Disabled products are visible with wrong token or no token at all
To Reproduce
Steps to reproduce the behavior:
- Go to Catalog and disable a product
- Click on Preview
- Copy URL and open an Incognito window to make sure you're not logged in as admin and all cookies are cleared.
- Change the token in the URL to whatever, or even remove it, or remove all query parameteres and keep just
?preview=1. Refresh. - The product is still visible, with no error message displayed
Screenshots
If applicable, add screenshots or screenrecords to help explain your problem.
With correct token:
Token removed:
Additional information
PrestaShop version: 1.7.5.2, 1.7.6, 1.7.7
PHP version: N/A
rdy4ever
All 5 comments
Hi @rdy4ever,
Thanks for your report.
I manage to reproduce the issue with PS1.7.5.2 & PS1.7.6.2 & PS1.7.6.3 & the branch 1.7.7.x.
I鈥檒l add this to the debug roadmap so that it鈥檚 fixed. If you have already fixed it on your end or if you think you can do it, please do send us a pull request!
Thanks!
khouloudbelguith
on 5 Feb 2020
@PrestaShop/prestashop-product-team Hi, Is it the good behavior that a disabled product is accessible on the frontoffice from an anonymous user (but with a parameter in URL ?preview=1) ?
Progi1984
on 6 Feb 2020
@PrestaShop/prestashop-product-team Hi, Is it the good behavior that a disabled product is accessible on the frontoffice from an anonymous user (but with a parameter in URL
?preview=1) ?
Hi @Progi1984
This is clearly a bug :)
rdy4ever
on 6 Feb 2020
I confirm a disabled product should never be accessible on front office, whatever type of "user" you are, except for preview which I guess is only usable with a specific token. Wdyt @Progi1984 ?
colinegin
on 6 Feb 2020
@colinegin Thanks for the answer.
Progi1984
on 7 Feb 2020
Related issues
khouloudbelguith
路
3Comments
vincent-dp
路
3Comments
matks
路
3Comments
rGaillard
路
3Comments
hiousi
路
3Comments