...
Multiexcerpt | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||
Macro Instructions for carrying Article Information through to Feature List
Instructions for carrying Excerpts through from this page to the Feature List Article Page: Add macro / Multiexcerpt (or copy and existing excerpt and edit) or (Copy existing page and place content into existing excerpt macros) On Features List page: Click in the Cell to be populated / add macro / Multiexcerpt Include / Select the Article page and the excerpt (or copy another feature line and edit the 'Article page' source. |
Issues Found in Testing
<h2 id="1">Issues Found in Testing</h2>Steps I followed to find the issue
The CMS allows an administrative user to change the name of uploaded files—including scripts and style sheets—that are in use in CMS.
a. I changed the cv.css.circle.css to cv.css.bread.css
b. Because the system allows you to do that, I expected it would propagate the changes to the Scripts & Styles widget that uses it.
c. If I try to edit that file in CMS, I get an error.
d. Any attempt to interact with that file gives an error
e. The renamed file doesn’t show up in the list of Scripts & Styles
f. If you add a script/style, it allows you to type in a file of the same name, and it presents you with an empty script.
g. I can remove the file (or any file) without it warning me that widgets use it. Yet, it still shows in CMS (Scripts & Styles).
h. If I click to edit that file, I get the “Unable to find the file. Please contact support.” Error.
i. Also, once it is gone from File Manager, there is no way to remove it from CMS. I guess they would log a service call?
Conclusion
A user may not have attempted this in the past, but that does not mean it is not a problem that we could get in front of. A nefarious administrator could do what I did to cause problems before they resign from a place. If a system allows any user to perform a function, I believe that the system should put safety mechanisms in place to stop the function executing if it negatively affects the used element.