Versions Compared

Old Version 5

changes.mady.by.user Documenter

Saved on

compared with

New Version 6

changes.mady.by.user Documenter

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Multiexcerpt
hiddentrue
MultiExcerptNameFeatures List Headers

Macro Instructions for carrying Article Information through to Feature List

Minimum

Version

Requirements

BPD

ONLY


Business Function

CMS Category

B2B
B2C

BOTH

Feature

Feature Description

(Written for our customers and can be pasted into comms sent to them)

Additional info

Pre-Reqs/
Gotchas

Self Configurable

Ballpark Hours
From CV

(if opting for CV to complete self config component)

Ballpark Hours
From CV

(in addition to any self config required)

Third Party Costs

Instructions for carrying Excerpts through from this page to the Feature List

Article Page:

Add macro  / Multiexcerpt (or copy and existing excerpt and edit) or (Copy existing page and place content into existing excerpt macros)

On Features List page:

Click in the Cell to be populated  / add macro /  Multiexcerpt Include / Select the Article page and the excerpt (or copy another feature line and edit the 'Article page' source.


Issues Found in Testing


<h2 id="1">Issues Found in Testing</h2>Steps I followed to find the issue

The CMS allows an administrative user to change the name of uploaded files—including scripts and style sheets—that are in use in CMS.

a.     I changed the cv.css.circle.css to cv.css.bread.css

Image AddedImage Added

b.    Because the system allows you to do that, I expected it would propagate the changes to the Scripts & Styles widget that uses it.

Image Added

c.     If I try to edit that file in CMS, I get an error.

Image Added

d.    Any attempt to interact with that file gives an error

Image Added

e.    The renamed file doesn’t show up in the list of Scripts & Styles

Image Added

f.     If you add a script/style, it allows you to type in a file of the same name, and it presents you with an empty script.

Image AddedImage Added

g.    I can remove the file (or any file) without it warning me that widgets use it.  Yet, it still shows in CMS (Scripts & Styles).

Image Added

h.    If I click to edit that file, I get the “Unable to find the file. Please contact support.” Error.

i.     Also, once it is gone from File Manager, there is no way to remove it from CMS. I guess they would log a service call?


Conclusion

A user may not have attempted this in the past, but that does not mean it is not a problem that we could get in front of. A nefarious administrator could do what I did to cause problems before they resign from a place. If a system allows any user to perform a function, I believe that the system should put safety mechanisms in place to stop the function executing if it negatively affects the used element.