SiT! Bugs

ID: 0000430
Project: SiT!
Category: portal
View Status: public
Date Submitted: 2009-01-24 08:56
Last Update: 2009-02-27 16:27
Reporter: kieran
Assigned To: paulh
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product Version:
Target Version:
Fixed in Version: 3.45
Summary: 0000430: contracts.php viewable without auth
Description: For some reason contracts.php is viewable without being logged in. Obviously you can't do anything on the page with no session but it should prompt for a login like the other pages.
Tags: No tags attached.
Attached Files

- Relationships

-  Notes
(0000519)
paulh (administrator)
2009-01-24 10:28

Also sitedetails.php is the same

Would appear to be anything with an accesslevel of admin

portalauth.inc.php appears to be the problem; around line 24 we have

elseif ($accesslevel == 'admin' AND $_SESSION['usertype'] != 'admin')

Which is matching which gives the strPermissionDenied

We need to check as well if the session has been created in this case as well
(0000520)
paulh (administrator)
2009-01-24 10:36

trunk r4712 resolves this, check we have a session as well
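
An added example (not the code from portalauth.inc.php or trunk r4712) of the ordering the notes above describe: a role comparison on its own also matches a visitor with no session, so the session check has to come first. The `auth` session key, the `any` access level and both function names are hypothetical; `usertype` and `$accesslevel` are the names quoted in the note.

```php
<?php
// Added example; not the project's code. 'auth' is a hypothetical session
// key marking a logged-in portal session, 'any' a hypothetical access level.

// Role check on its own: a visitor with no session has no 'usertype',
// so "!= 'admin'" is true and they land in the permission-denied branch
// instead of being sent to the login page.
function gate_role_only(string $accesslevel, array $session): string
{
    if ($accesslevel == 'admin' && ($session['usertype'] ?? null) != 'admin') {
        return 'denied';
    }
    return 'allow';
}

// Session first, role second, and anything unrecognised is refused.
function gate_session_first(string $accesslevel, array $session): string
{
    if (($session['auth'] ?? false) !== true) {
        return 'login';               // no session: prompt for login
    }
    if ($accesslevel === 'any') {
        return 'allow';               // any logged-in portal user
    }
    if ($accesslevel === 'admin') {
        return ($session['usertype'] ?? null) === 'admin' ? 'allow' : 'denied';
    }
    return 'denied';                  // unknown access level: deny by default
}

// Constructed sessions for the three cases the issue is about.
$cases = [
    'no session'   => [],
    'portal user'  => ['auth' => true, 'usertype' => 'user'],
    'portal admin' => ['auth' => true, 'usertype' => 'admin'],
];
foreach ($cases as $label => $session) {
    printf("%-12s role-only=%-6s session-first=%s\n", $label,
        gate_role_only('admin', $session), gate_session_first('admin', $session));
}
```

In a page include, any result other than `allow` has to end the request (redirect or message, then `exit`) so the rest of the page is never rendered.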

- Issue History
Date Modified Username Field Change
2009-01-24 08:56 kieran New Issue
2009-01-24 10:28 paulh Note Added: 0000519
2009-01-24 10:28 paulh Status new => confirmed
2009-01-24 10:34 paulh Status confirmed => assigned
2009-01-24 10:34 paulh Assigned To => paulh
2009-01-24 10:36 paulh Note Added: 0000520
2009-01-24 10:36 paulh Status assigned => resolved
2009-01-24 10:36 paulh Resolution open => fixed
2009-01-24 10:36 paulh Fixed in Version => 3.45
2009-02-27 16:27 ivan Status resolved => closed

