SiT! Bugs - SiT!
View Issue Details
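ID: 0000430
Project: SiT!
Category: portal
View Status: public
Date Submitted: 2009-01-24 08:56
Last Update: 2009-02-27 16:27
Reporter: kieran
Assigned To: paulh
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: fixed
Fixed in Version: 3.45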
0000430: contracts.php viewable without auth
For some reason contracts.php is viewable without being logged in. Obviously you can't do anything on the page with no session but it should prompt for a login like the other pages.
No tags attached.
Issue History
2009-01-24 08:56  kieran  New Issue
2009-01-24 10:28  paulh  Note Added: 0000519
2009-01-24 10:28  paulh  Status: new => confirmed
2009-01-24 10:34  paulh  Status: confirmed => assigned
2009-01-24 10:34  paulh  Assigned To: => paulh
2009-01-24 10:36  paulh  Note Added: 0000520
2009-01-24 10:36  paulh  Status: assigned => resolved
2009-01-24 10:36  paulh  Resolution: open => fixed
2009-01-24 10:36  paulh  Fixed in Version: => 3.45
2009-02-27 16:27  ivan  Status: resolved => closed

Notes
(0000519) paulh 2009-01-24 10:28
Also sitedetails.php is the same

Would appear to be anything with an accesslevel of admin

portalauth.inc.php appears to be the problem around line 24 we have

elseif ($accesslevel == 'admin' AND $_SESSION['usertype'] != 'admin')

Which is matching which gives the strPermissionDenied

We need to check as well if the session has been created in this case as well
(0000520) paulh 2009-01-24 10:36
trunk r4712 resolves this, check we have a session as well
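
The ordering problem described in note 0000519, as an added PHP example that is not SiT! code and not the r4712 change: the session test runs before the usertype comparison, and each refusal ends the request. The function names, the `portalauth` session key and the `index.php` login target are assumptions.

```php
<?php
// Added illustration, not SiT! source. Only 'usertype' and the admin
// comparison come from the bug note; every other name is an assumption.

// Returns 'login' (no session), 'denied' (wrong user type) or 'allow'.
function portal_access_decision(string $accesslevel, array $session): string
{
    // Missing session first: with no session, 'usertype' is unset and the
    // comparison below would be judging an anonymous visitor.
    if (empty($session['portalauth']) || !isset($session['usertype'])) {
        return 'login';
    }
    // The comparison quoted in the note, reached only with a session.
    if ($accesslevel == 'admin' && $session['usertype'] != 'admin') {
        return 'denied';
    }
    return 'allow';
}

// Apply the decision; both refusal paths stop the script before page output.
function portal_enforce(string $accesslevel): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    switch (portal_access_decision($accesslevel, $_SESSION)) {
        case 'login':
            header('Location: index.php');  // assumed login page
            exit;
        case 'denied':
            http_response_code(403);
            echo 'Permission denied';       // stands in for strPermissionDenied
            exit;
    }
}

// Constructed sessions covering the three outcomes (command-line self-check).
if (PHP_SAPI === 'cli') {
    $cases = [
        ['admin', [], 'login'],
        ['admin', ['portalauth' => true, 'usertype' => 'user'], 'denied'],
        ['admin', ['portalauth' => true, 'usertype' => 'admin'], 'allow'],
    ];
    foreach ($cases as [$level, $session, $want]) {
        if (portal_access_decision($level, $session) !== $want) {
            throw new RuntimeException("unexpected decision, wanted $want");
        }
    }
    echo "all cases ok\n";
}
```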