Dependency Graph
related to 
child of 
duplicate of View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0015372 | phpList 3 application | Authentication System | public | 30-11-09 20:45 | 19-04-10 19:53 |
| Reporter | adrian15 | Assigned To | |||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Product Version | Future developments | ||||
| Fixed in Version | 2.10.12 | ||||
| Summary | 0015372: An admin can delete other admins lists without being the owner | ||||
| Description | If one admin have access to list page he can write an url like this: http://domain.com/lists/admin/?page=list&delete=4 Even if list with id=4 is not a property of the admin it gets deleted! | ||||
| Additional Information | I think this bug should be checked in 2.10.10 and solved also there because it is a very important bug in my opinnion. | ||||
| Tags | No tags attached. | ||||
|
30-11-09 20:45
|
svn_r1703_post_initial_04_patch_list_admin_can_delete_other_admins_lists.patch (1,421 bytes)
diff -urN svn_r1703_sin_punto_svn_improved_01_editlist_acceslist/phplist/public_html/lists/admin/list.php svn_r1703_sin_punto_svn_improved_02_list_delete_any_list/phplist/public_html/lists/admin/list.php
--- svn_r1703_sin_punto_svn_improved_01_editlist_acceslist/phplist/public_html/lists/admin/list.php 2009-11-29 11:27:41.000000000 +0100
+++ svn_r1703_sin_punto_svn_improved_02_list_delete_any_list/phplist/public_html/lists/admin/list.php 2009-11-29 13:01:51.000000000 +0100
@@ -11,12 +11,18 @@
if (isset($_GET['delete'])) {
$delete = sprintf('%d',$_GET['delete']);
+ print $GLOBALS['I18N']->get('Checking')." $delete ...\n";
+ $req = Sql_Query(sprintf("select * from %s where ((owner = %d) and (id = %d))",$tables["list"],$_SESSION["logindetails"]["id"],$delete));
+ if (!Sql_Affected_Rows()) {
+ print '<p class="error">'.$GLOBALS['I18N']->get("You do not have enough permissions to delete this list.").'</p>';
+ } else {
# delete the index in delete
print $GLOBALS['I18N']->get('Deleting') . " $delete ..\n";
$result = Sql_Query_Params("delete from $tables[list] where id = ?", array($delete));
$result = Sql_Query_Params("delete from $tables[listuser] where listid = ?", array($delete));
$result = Sql_Query_Params("delete from $tables[listmessage] where listid = ?", array($delete));
print '..' . $GLOBALS['I18N']->get('Done') . "<br /><hr /><br />\n";
+ }
}
## quick DB fix
|
|
|
revision 1871 |
