Not logged users get LDAP password information from the 404 page #851

New Issue

Closed

opened 2026-02-04 22:29:31 +03:00 by OVERLORD · 3 comments

OVERLORD commented 2026-02-04 22:29:31 +03:00

Owner

Copy Link

Originally created by @Carlosongit on GitHub (Oct 8, 2018).

Describe the bug
When a non allowed user tries to access an article he gets a 404 page where all the config info can be seen.

Steps To Reproduce
Steps to reproduce the behavior:

1. Share an article page to someone
2. This someone is not logged to the Bookstack and click on the link
3. He/she gets a 404 page with all the info from the server including the LDAP password
4. See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots

Your Configuration (please complete the following information):

• Exact BookStack Version (Found in settings): BookStack v0.22.0
• PHP Version: PHP 7.2.10-0ubuntu0.18.04.1 (cli) (built: Sep 13 2018 13:45:02) ( NTS )
• Hosting Method (Nginx/Apache/Docker): Apache

Additional context
I would rather have a non logged user redirected to the login page.
And of course be sure that any important information is not shown.

Thank you in advance for this fabulous application and for any further help.

Carlos

Originally created by @Carlosongit on GitHub (Oct 8, 2018). **Describe the bug** When a non allowed user tries to access an article he gets a 404 page where all the config info can be seen. **Steps To Reproduce** Steps to reproduce the behavior: 1. Share an article page to someone 2. This someone is not logged to the Bookstack and click on the link 3. He/she gets a 404 page with all the info from the server including the LDAP password 4. See error **Expected behavior** A clear and concise description of what you expected to happen. **Screenshots**   **Your Configuration (please complete the following information):** - Exact BookStack Version (Found in settings): BookStack v0.22.0 - PHP Version: PHP 7.2.10-0ubuntu0.18.04.1 (cli) (built: Sep 13 2018 13:45:02) ( NTS ) - Hosting Method (Nginx/Apache/Docker): Apache **Additional context** I would rather have a non logged user redirected to the login page. And of course be sure that any important information is not shown. Thank you in advance for this fabulous application and for any further help. Carlos

OVERLORD added the 📖 Docs Update❓ Question labels 2026-02-04 22:29:31 +03:00

OVERLORD closed this issue 2026-02-04 22:29:33 +03:00

OVERLORD commented 2026-02-04 22:29:40 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Oct 11, 2018):

Hi @Carlosongit,
This is only showing since debug mode is turned on.

I'd advise you disable debug mode in normal operation to avoid such scenarios.

@ssddanbrown commented on GitHub (Oct 11, 2018): Hi @Carlosongit, This is only showing since debug mode is turned on. I'd advise you disable debug mode in normal operation to avoid such scenarios.

OVERLORD commented 2026-02-04 22:29:45 +03:00

Author

Owner

Copy Link

@Carlosongit commented on GitHub (Oct 12, 2018):

Dan, it Was absolutely the answer thank you.

How can I close this ticket as resolved ?

Cheers,

Carlos Alonso Souza

Le 11 oct. 2018 à 09:41, Dan Brown notifications@github.com a écrit :

Hi @Carlosongit,
This is only showing since debug mode is turned on.

I'd advise you disable debug mode in normal operation to avoid such scenarios.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.

@Carlosongit commented on GitHub (Oct 12, 2018): Dan, it Was absolutely the answer thank you. How can I close this ticket as resolved ? Cheers, Carlos Alonso Souza > Le 11 oct. 2018 à 09:41, Dan Brown <notifications@github.com> a écrit : > > Hi @Carlosongit, > This is only showing since debug mode is turned on. > > I'd advise you disable debug mode in normal operation to avoid such scenarios. > > — > You are receiving this because you were mentioned. > Reply to this email directly, view it on GitHub, or mute the thread.

OVERLORD commented 2026-02-04 22:29:51 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Oct 13, 2018):

Thanks @Carlosongit for confirming that solves this.
I've now added a warning to the debugging page in the BookStack docs to highlight this.

@ssddanbrown commented on GitHub (Oct 13, 2018): Thanks @Carlosongit for confirming that solves this. I've now added a warning to the debugging page in the BookStack docs to highlight this.

OVERLORD referenced this issue 2026-02-05 10:15:18 +03:00

[PR #851] [MERGED] Update german translation #5725

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

release

v25-12

l10n_development

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.7

v25.12.6

v25.12.5

v25.12.4

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label 📖 Docs Update ❓ Question

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#851