Bugs item #754420, was opened at 2003-06-14 03:03
Message generated for change (Comment added) made by greggmc
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=108956&aid=754420&group_id=8956
Category: Admin
Group: cvs
>Status: Closed
Resolution: None
Priority: 5
Submitted By: Leonard Chan (wotg)
>Assigned to: Matthew Gregg (greggmc)
Summary: Small Security Issue in admdesigner.inc
Initial Comment:
Hello.
I just noticed what I believe to be a small security
issue in 'admdesigner.inc'. There is an existing
permisions check, but it only applies to "Delete"
operations. As far as I can tell, there is no checking
when opening, updating, or adding a designer.
One solution would be to move the permissions check a
dozen lines earlier, and have it apply to all operations.
Hope I'm not imagining things again...
Have a good one!
Leonard.
----------------------------------------------------------------------
Comment By: Matthew Gregg (greggmc)
Date: 2004-02-21 16:27
Message:
Logged In: YES
user_id=14116
Fixed in CVS.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=108956&aid=754420&group_id=8956
|
