Open sumitsinghwp opened 2 months ago
This page should not be linked to directly — a company managing their pledge should do so with the "Edit Pledge" link on their company page. After confirming their access, it emails a link to the pledge owner with the full URL, which includes the pledge ID and an authentication token.
If you visit this page directly, as above, it sees no auth token and errors. This message could be updated in the code, but really the link should be removed from the Handbook.
Hey Team,
I have visited https://wordpress.org/five-for-the-future/manage-pledge/ page there are some accessible type issues. this page should not be accessible or should error out or something when someone without a pledge is checking.
for more information, you can chat here - https://wordpress.slack.com/archives/C037W5S7X/p1718871181491009?thread_ts=1718870467.828969&cid=C037W5S7X
Here are the steps to find the link.