@joomla/security ?

The feature is NOT disabled. only the ability to see the button. Same is true with custom fields. (and workflows in J4)

If something is not enabled, then it is by definition "disabled"... not just hidden.

if versions is disabled, it doesnt store a version on save right? - because its disabled! the toggle does more than just hide a button... im guessing, ive not checked.

if someone has versions enabled, and after a while disables it, they would not want people to craft a url to view previous content...

Which is a lie, if when enabled it stores a version on save, and when not enabled doesn't !

Copy and pasting the same crap image doesnt prove you are right.

The fact is that enabling/disabling versions DOES MORE THAN JUST CONTROL THE LAYOUT OF THE ARTICLE EDITING PAGE!

If only you knew how joomla works :(

Prove that I’m wrong then.

If only you treated people with respect.

On 9 Feb 2019, at 21:42, Brian Teeman notifications@github.com wrote:

If only you knew how joomla works :(

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or mute the thread.

@PhilETaylor
I confirm your findings that when switching Enable Versions to No, the versions that have been saved before remain in the _ucm_history table (they are not deleted), although a new version is not created indeed.

Just because the feature is disabled does not mean that all existing data should be deleted.

Just because the feature is disabled does not mean that all existing data should be deleted.

But according to @brianteeman it should still be available by crafting a url direct to the data even though the feature is disabled.

I disagree, and say that if the feature is disabled, then I should not be able to access the data by a direct url.

But according to @brianteeman it should still be available by crafting a url direct to the data even though the feature is disabled.

No thats not what I said at all. I simply state the facts that the thing which you are disabling is the ability to display the versions button on the article editing page and that without the button being enabled then no versions are stored.

Dont forget that the component you are accessing to read the content history is NOT com_content and it is used across multiple extensions.

Just because the feature is disabled does not mean that all existing data should be deleted.

That is the point here. Shall it or not? I also thinks it makes sense to delete it as one can still access to it.
More than that, the admin of the site is not aware that this history is kept forever.

I found out that even totally deleted articles from com_content still have their content history present in the _ucm_history table.

and that without the button being enabled then no versions are stored.

That's not what you wrote first, as you insisted that's only a matter of displaying the versions button, therefore modifying your statement now could be considered as dishonest.

Dont forget that the component you are accessing to read the content history is NOT com_content and it is used across multiple extensions.

And what? I am sure we could devise a way to delete ONLY the part that concerns the component targeted and only that part. The query may not be simple but it can be done.