Menu
▾
▴
[phpesp-dev] [ phpesp-Bugs-754420 ] Small Security Issue in admdesigner.inc
|
From: SourceForge.net <no...@so...> - 2003-06-14 08:03:56
|
Bugs item #754420, was opened at 2003-06-14 01:03 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=754420&group_id=8956 Category: Admin Group: cvs Status: Open Resolution: None Priority: 5 Submitted By: Leonard Chan (wotg) Assigned to: Nobody/Anonymous (nobody) Summary: Small Security Issue in admdesigner.inc Initial Comment: Hello. I just noticed what I believe to be a small security issue in 'admdesigner.inc'. There is an existing permisions check, but it only applies to "Delete" operations. As far as I can tell, there is no checking when opening, updating, or adding a designer. One solution would be to move the permissions check a dozen lines earlier, and have it apply to all operations. Hope I'm not imagining things again... Have a good one! Leonard. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=754420&group_id=8956 |
