Open sndrr opened 9 years ago
Security thing ;)
So, does that mean it will not be fixed anytime soon?
@sndrr not sure about soon
.
Looking for a way to cheat recent security changes in core is not top priority imho.
Documents is not the only app I maintain.
@VicDeo I understand. Maybe I'll look into it myself. I suppose pull requests are welcome. :)
By the way, maybe somewhat related. Public users also don't see registered users 'leave' when they close the document. They can see other public users leave, but not the registered ones. Should I create a new ticket for this?
Steps to reproduce
Expected behaviour
A view like this (right of screen):
This is the HTML of the orange admin avatar:
This works the way it should for known (registerd) oC users.
Actual behaviour
A view with blank avatars (right of screen): This is the HTML of the guest avatar:
It's missing
background-color: rgb(246, 174, 85); color: rgb(255, 255, 255); font-weight: normal; text-align: center; line-height: 60px; font-size: 33px;
in the style, and an identifier before the</span>
if no profile picture is set. It gets a 401 on the avatar, see the browser log below.Server configuration
Operating system: Debian 8 (Jessie)
Web server: Server Version: Apache/2.4.10 (Debian) Phusion_Passenger/4.0.53 OpenSSL/1.0.1k Server MPM: prefork
Database: mysql Ver 14.14 Distrib 5.5.44, for debian-linux-gnu (x86_64) using readline 6.3
PHP version: PHP 5.6.12-0+deb8u1
ownCloud version: (see ownCloud admin page) sudo -u www-data php occ status
Updated from an older ownCloud or fresh install: update from 8.0 to 8.1.1.3
List of activated apps: Only relevant app here is
documents
, so I included that.Browser log