ISPConfig 3

Welcome to the bugtracker of the ISPConfig project. This bugtracker is for ISPConfig 3.x only.
Tasklist

FS#753 - Error in checking permissions

Attached to Project: ISPConfig 3
Opened by Marius Cramer (Croydon) - Monday, 01 June 2009, 14:00 GMT
Last edited by Till (Till) - Monday, 08 June 2009, 12:28 GMT
Task Type Bug Report
Category Backend / Core
Status Closed
Assigned To No-one
Operating System All
Severity Medium
Priority Normal
Reported Version 3.0.1.3
Due in Version 3.0.1.4
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

There is an error in checking permissions in the file interface/lib/classes/tform_actions.inc.php

In functions "onPrintForm", "onMailSendForm" and "onShowEdit" it says something like

$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('u');

(sample from onShowEdit - line 530)

I think it should be
$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r');

(checking for "read" permission, not for "update")
This task depends upon

Closed by  Till (Till)
Monday, 08 June 2009, 12:28 GMT
Reason for closing:  Fixed
Comment by Marius Cramer (Croydon) - Monday, 01 June 2009, 14:06 GMT
Patch file attached
   tform_actions.inc.php.patch (3 KiB)
Comment by SeberIT (SeberIT) - Thursday, 04 June 2009, 09:18 GMT
I can confirm this. If I manually edit the database to remove the u-right for a client so he can no longer change his e-mail domain, the client gets an error if he tries to open (=r I assume) the entry.

Loading...