From: SourceForge.net <no...@so...> - 2006-08-25 17:47:12
/mod/mailto item #1546812, was opened at 2006-08-25 12:47
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=681718&aid=1546812&group_id=81360

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Harry Rarig (rarig)
Assigned to: Nobody/Anonymous (nobody)
Summary: Mailto.php config error causes "access denied"

Initial Comment:
The default MailTo class file "Mailto.php" has a configuration error as shown in the "diff" trace below (need to add "_mailtos" suffix):

$ diff Mailto.php.orig Mailto.php 49c49 < if($_SESSION['OBJ_user']->allow_access("mailto", "view")) { --- > if($_SESSION['OBJ_user']->allow_access("mailto", "view_mailtos")) { 95c95 < if($_SESSION['OBJ_user']->allow_access("mailto", "edit")) { --- > if($_SESSION['OBJ_user']->allow_access("mailto", "edit_mailtos")) { 329c329 < if($_SESSION['OBJ_user']->allow_access("mailto", "delete")) { --- > if($_SESSION['OBJ_user']->allow_access("mailto", "delete_mailtos")) { $ pwd ././phpwebsite/mod/mailto/class $

As a consequence of this mis-configuration, the only user who can configure mail lists is the Admin deity. If the changes above are made in "Mailto.php", the admin user can assign MailTo list management to any registered user. Otherwise, whenever a non-admin user attempts to edit and/or create a mail list entry, that user will receive a red warning message: "Access Denied", even if that user has MailTo module permissions.
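
Review bot: the replacement strings at lines 49, 95 and 329 ("view_mailtos", "edit_mailtos", "delete_mailtos") are not shown anywhere in this diff as the right names the mailto module actually registers, so the submission should cite or include the definitions they have to match; a mismatch in any one of them would leave that check returning "Access Denied" for non-admin users exactly as before. The diff is also in context-free normal format keyed only to line numbers, so regenerating it with diff -u against a named release would let it apply cleanly if Mailto.php has shifted. Because the three strings gate view, edit and delete separately, it is worth confirming after the change that a user granted only the view right is still refused edit and delete.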