Menu
▾
▴
[phpesp-dev] [ phpesp-Bugs-754420 ] Small Security Issue in admdesigner.inc
|
From: SourceForge.net <no...@so...> - 2004-02-21 21:35:55
|
Bugs item #754420, was opened at 2003-06-14 03:03 Message generated for change (Comment added) made by greggmc You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=754420&group_id=8956 Category: Admin Group: cvs >Status: Closed Resolution: None Priority: 5 Submitted By: Leonard Chan (wotg) >Assigned to: Matthew Gregg (greggmc) Summary: Small Security Issue in admdesigner.inc Initial Comment: Hello. I just noticed what I believe to be a small security issue in 'admdesigner.inc'. There is an existing permisions check, but it only applies to "Delete" operations. As far as I can tell, there is no checking when opening, updating, or adding a designer. One solution would be to move the permissions check a dozen lines earlier, and have it apply to all operations. Hope I'm not imagining things again... Have a good one! Leonard. ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2004-02-21 16:27 Message: Logged In: YES user_id=14116 Fixed in CVS. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=754420&group_id=8956 |
