0000430: contracts.php viewable without auth - SiT! Bugs

SiT! Bugs

View Issue Details [ Jump to Notes ]

[ Issue History ] [ Print ]

ID

Project

Category

View Status

Date Submitted

Last Update

0000430

SiT!

portal

public

2009-01-24 08:56

2009-02-27 16:27

Reporter

kieran

Assigned To

paulh

Priority

normal

Severity

minor

Reproducibility

have not tried

Status

closed

Resolution

fixed

Platform

OS

OS Version

Product Version

Target Version

Fixed in Version

3.45

Summary

0000430: contracts.php viewable without auth

Description

For some reason contracts.php is viewable without being logged in. Obviously you can't do anything on the page with no session but it should prompt for a login like the other pages.

Tags

No tags attached.

Relationships

Notes
(0000519) paulh (administrator) 2009-01-24 10:28	Also sitedetails.php is the same Would appear to be anything with a accesslevel of admin portalauth.inc.php appears to be the problem around line 24 we have elseif ($accesslevel == 'admin' AND $_SESSION['usertype'] != 'admin') Which is matching which gives the strPermissionDenied We need to check as well if the session has been created in this case as well

(0000520) paulh (administrator) 2009-01-24 10:36	trunk r4712 resolves this, check we have a session as well

Issue History
Date Modified	Username	Field	Change
2009-01-24 08:56	kieran	New Issue
2009-01-24 10:28	paulh	Note Added: 0000519
2009-01-24 10:28	paulh	Status	new => confirmed
2009-01-24 10:34	paulh	Status	confirmed => assigned
2009-01-24 10:34	paulh	Assigned To	=> paulh
2009-01-24 10:36	paulh	Note Added: 0000520
2009-01-24 10:36	paulh	Status	assigned => resolved
2009-01-24 10:36	paulh	Resolution	open => fixed
2009-01-24 10:36	paulh	Fixed in Version	=> 3.45
2009-02-27 16:27	ivan	Status	resolved => closed

Copyright © 2000 - 2021 MantisBT Team