GX-Entwicklung

It's possible to download several content manager entries by using the following endpoint:

<shop-url>/request_port.php?module=ShopContent&action=download&coID=<content-ID>

Expectation:
Content manager entries can be downloads as long as:

1. The content with the provided ID exists.
2. The "customer group check" is disabled or the customer has the needed permission.
3. The status of the content is active (content is visible).

In any other case, a 404 error should be returned.

Reality:

• There is no check for existing content manager entries.
• Contents can be downloaded even if the status is not visible.
• Contents can't be downloaded even if "customer group check" is enabled and the content is available for all customer groups.

Note:
Please test this with and without the "customer group check" which can be activated on the general shop configuration page.
Furthermore, please check if any logs are created when returning the 404 page.