View Issue Details

ID: 0015377
Project: phplist application
Category: Interface - Backend
View Status: public
Last Update: 01-11-12 20:30
Reporter: adrian15
Priority: normal
Severity: major
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: FutureDevelopments
Target Version: 4.0.x
Fixed in Version: 2.11.8
Summary: 0015377: Editlist: Admin can edit other admins' lists and steal them
Description: By writing the id of another list belonging to another admin (http://domain.com/lists/admin/?page=editlist&id=3) you can save the list and steal it (steal the ownership)!!!

I attach a patch that solves the issue.
Additional Information: Please check if the bug also applies to 2.10.10 and fix it. I think it is a severe bug.
Tags: No tags attached.
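The check the report is asking for, as an added example rather than phplist's own code: it reads the requested id the way the patch does and refuses the page unless the addressed list belongs to the logged-in admin or the caller is a superuser. The `phplist_list` table with an `owner` column, the in-memory SQLite fixture, the sample admin and list ids, and the `$_SESSION['adminid']` key are all assumptions.

```php
<?php
// Added illustration, not phplist's own code: the ownership gate that
// editlist.php has to pass before it renders or saves a list. The table
// phplist_list with an integer owner column, the SQLite fixture and the
// admin ids below are assumptions made for this example.

function listOwner(PDO $db, int $listId): ?int {
    // Prepared statement: $listId is bound, never interpolated into the SQL.
    $stmt = $db->prepare('SELECT owner FROM phplist_list WHERE id = :id');
    $stmt->execute([':id' => $listId]);
    $owner = $stmt->fetchColumn();
    return $owner === false ? null : (int)$owner;   // null: no such list
}

// Same normalisation as the patch's sprintf('%d', $_GET['id']): anything
// missing or non-numeric collapses to 0.
function requestedListId(array $get): int {
    return !empty($get['id']) ? (int)$get['id'] : 0;
}

// True when the request may proceed: no existing list is addressed, the
// caller is a superuser, or the addressed list belongs to this admin.
// A missing list and a foreign list are both refused.
function mayEditList(PDO $db, array $get, int $adminId, bool $isSuperUser): bool {
    $id = requestedListId($get);
    if ($id === 0 || $isSuperUser) {
        return true;
    }
    return listOwner($db, $id) === $adminId;
}

// Constructed fixture: list 3 belongs to admin 1, list 7 to admin 2.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE phplist_list (id INTEGER PRIMARY KEY, owner INTEGER)');
$db->exec('INSERT INTO phplist_list (id, owner) VALUES (3, 1), (7, 2)');

// The request from the report: admin 2 supplies admin 1's id=3.
assert(mayEditList($db, ['id' => '3'], 2, false) === false, 'foreign list must be refused');
// Admin 2 editing its own list, and a superuser editing any list.
assert(mayEditList($db, ['id' => '7'], 2, false) === true);
assert(mayEditList($db, ['id' => '3'], 2, true) === true);
// Non-numeric ids collapse to 0 (no list addressed); unknown ids are refused.
assert(mayEditList($db, ['id' => 'abc'], 2, false) === true);
assert(mayEditList($db, ['id' => '999'], 2, false) === false);

// In editlist.php this runs once, before the form is read or the row written
// ($_SESSION['adminid'] is an assumed session key; isSuperUser() is the page's own):
// if (!mayEditList($db, $_GET, (int)$_SESSION['adminid'], isSuperUser())) {
//     http_response_code(403); exit('not your list');
// }
```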

Relationships

related to 0015372 (resolved, michiel): An admin can delete other admins' lists without being the owner

Activities

30-11-09 21:01

Attachment: svn_r1703_post_initial_01_patch_editlist_admin_can_edit_other_admins_lists.patch (937 bytes)
diff -urN svn_r1703_sin_punto_svn_improved_01/phplist/public_html/lists/admin/editlist.php svn_r1703_sin_punto_svn_improved_01_editlist_bugfix/phplist/public_html/lists/admin/editlist.php
--- svn_r1703_sin_punto_svn_improved_01/phplist/public_html/lists/admin/editlist.php	2009-11-28 14:10:13.000000000 +0100
+++ svn_r1703_sin_punto_svn_improved_01_editlist_bugfix/phplist/public_html/lists/admin/editlist.php	2009-11-29 10:53:37.000000000 +0100
@@ -2,6 +2,12 @@
 
 require_once 'accesscheck.php';
 
+if (!empty($_GET['id'])) {
+  $id = sprintf('%d',$_GET["id"]);
+} else {
+  $id = 0;
+}
+
 if ($GLOBALS["require_login"] && !isSuperUser()) {
   $access = accessLevel("list");
   switch ($access) {
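Review bot: the only functional change in this hunk is ordering: the `$id` block now runs before `if ($GLOBALS["require_login"] && !isSuperUser())`, so any branch of `switch ($access)` that consults `$id` sees the sanitized value instead of whatever `$id` held beforehand. Because the fix is purely positional, a one-line comment above the block (e.g. `// must precede the access check below, which needs $id`) would stop a future cleanup from moving it back down. Minor: the two lines use `$_GET['id']` and `$_GET["id"]`; pick one quoting style.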
@@ -28,11 +34,6 @@
   }
 }
 
-if (!empty($_GET['id'])) {
-  $id = sprintf('%d',$_GET["id"]);
-} else {
-  $id = 0;
-}
 if ($id)
   echo "<br />".PageLink2("members",$GLOBALS['I18N']->get('Members of this list'),"id=$id");
 echo "<hr />";
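Review bot: removing the duplicate block here is correct only because the same assignment was hoisted to the top of the file; the remaining `if ($id)` now depends on nothing between the access check and this point reassigning `$id`, which is worth a glance since the intervening lines are not in the diff. Also worth confirming that the save path the report describes (submitting the edit form) is handled in this same file below the access check, because the patch adds no ownership check of its own and relies entirely on the existing one now seeing `$id`.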

h2b2 (manager), 14-04-10 13:33, ~0050894

Haven't checked this yet in 2.10.10 and 2.10.11. If it doesn't apply to these releases, then the target version should be changed from 2.10.12 to 2.11.4.

michiel (manager), 19-04-10 19:11, ~0050932

Checked in the 2.10 branch, and it should be ok there, so marking for 2.11.

michiel (manager), 01-11-12 20:30, ~0051836

Seems ok in trunk.