five-for-the-future icon indicating copy to clipboard operation
five-for-the-future copied to clipboard
verified publisher icon WordPress

Manage Pledge page shows error when visited without pledge details

Open sumitsinghwp opened this issue 1 year ago • 1 comments

Hey Team,

I have visited https://wordpress.org/five-for-the-future/manage-pledge/ page there are some accessible type issues. this page should not be accessible or should error out or something when someone without a pledge is checking.

for more information, you can chat here - https://wordpress.slack.com/archives/C037W5S7X/p1718871181491009?thread_ts=1718870467.828969&cid=C037W5S7X

image

Here are the steps to find the link.

  1. Go to this page - https://wordpress.org/five-for-the-future/handbook/organization-pledge-guide/onboarding-organization-and-team-setup/
  2. Then Click on Manage Pledge link.

image

sumitsinghwp avatar Jun 20 '24 08:06 sumitsinghwp

This page should not be linked to directly — a company managing their pledge should do so with the "Edit Pledge" link on their company page. After confirming their access, it emails a link to the pledge owner with the full URL, which includes the pledge ID and an authentication token.

Screenshot 2024-08-27 at 5 27 42 PM

If you visit this page directly, as above, it sees no auth token and errors. This message could be updated in the code, but really the link should be removed from the Handbook.

ryelle avatar Aug 27 '24 21:08 ryelle