View Issue Details
| Field | Value |
|---|---|
| ID | 0015372 |
| Project | phpList 3 application |
| Category | Authentication System |
| View Status | public |
| Date Submitted | 30-11-09 20:45 |
| Last Update | 19-04-10 18:53 |
| Reporter | adrian15 |
| Priority | normal |
| Severity | major |
| Reproducibility | always |
| Status | resolved |
| Resolution | fixed |
| Product Version | Future developments |
| Target Version | |
| Fixed in Version | 2.10.12 |
| Summary | 0015372: An admin can delete other admins' lists without being the owner |
| Description | If one admin has access to the list page he can write a URL like this: http://domain.com/lists/admin/?page=list&delete=4 Even if the list with id=4 is not a property of the admin it gets deleted! |
| Additional Information | I think this bug should be checked in 2.10.10 and solved also there because it is a very important bug in my opinion. |
| Tags | No tags attached. |
30-11-09 20:45

svn_r1703_post_initial_04_patch_list_admin_can_delete_other_admins_lists.patch (1,421 bytes)
diff -urN svn_r1703_sin_punto_svn_improved_01_editlist_acceslist/phplist/public_html/lists/admin/list.php svn_r1703_sin_punto_svn_improved_02_list_delete_any_list/phplist/public_html/lists/admin/list.php --- svn_r1703_sin_punto_svn_improved_01_editlist_acceslist/phplist/public_html/lists/admin/list.php 2009-11-29 11:27:41.000000000 +0100 +++ svn_r1703_sin_punto_svn_improved_02_list_delete_any_list/phplist/public_html/lists/admin/list.php 2009-11-29 13:01:51.000000000 +0100 @@ -11,12 +11,18 @@ if (isset($_GET['delete'])) { $delete = sprintf('%d',$_GET['delete']); + print $GLOBALS['I18N']->get('Checking')." $delete ...\n"; + $req = Sql_Query(sprintf("select * from %s where ((owner = %d) and (id = %d))",$tables["list"],$_SESSION["logindetails"]["id"],$delete)); + if (!Sql_Affected_Rows()) { + print '<p class="error">'.$GLOBALS['I18N']->get("You do not have enough permissions to delete this list.").'</p>'; + } else { # delete the index in delete print $GLOBALS['I18N']->get('Deleting') . " $delete ..\n"; $result = Sql_Query_Params("delete from $tables[list] where id = ?", array($delete)); $result = Sql_Query_Params("delete from $tables[listuser] where listid = ?", array($delete)); $result = Sql_Query_Params("delete from $tables[listmessage] where listid = ?", array($delete)); print '..' . $GLOBALS['I18N']->get('Done') . "<br /><hr /><br />\n"; + } } ## quick DB fix |
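Review bot: the ownership test in the added block branches on `Sql_Affected_Rows()` after a SELECT, and the `$req` result handle that SELECT returns is never read; affected-rows is meant to report rows changed by INSERT/UPDATE/DELETE and what it returns after a SELECT depends on the database layer, so fetch a row from `$req` (or select a count) and branch on that instead. For consistency with the three `Sql_Query_Params(...)` deletes in the same hunk, the new ownership query should also use placeholders rather than `sprintf`; the `%d` casts keep it safe as written, but mixing the two styles in one block invites a later edit to drop a cast. Minor: the `Checking` line is printed before the check runs, so the permission error appears after a message that reads as progress.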
revision 1871