phplist

NOTE:: Before reporting an issue, make sure you are running the latest version, currently 3.3.1


View Issue Details Jump to Notes ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0015377phplist applicationInterface - Backendpublic30-11-09 21:0101-11-12 20:30
Reporteradrian15 
PrioritynormalSeveritymajorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product VersionFutureDevelopments 
Target Version4.0.xFixed in Version2.11.8 
Summary0015377: Editlist: Admin can edit other admins' lists and stole them
DescriptionWriting the id from
another list from another admin
(http://domain.com/lists/admin/?page=editlist&id=3 [^]) you can save the
list and stole it (stole the ownership) !!!

I attach a patch that solves the issue.
Additional InformationPlease check if the bug also applies to 2.10.10 and fix it. I think it is a severe bug.
TagsNo tags attached.
Attached Filespatch file icon svn_r1703_post_initial_01_patch_editlist_admin_can_edit_other_admins_lists.patch [^] (937 bytes) 30-11-09 21:01 [Show Content]

- Relationships
related to 0015372resolvedmichiel An admin can delete other admins lists without being the owner 

-  Notes
(0050894)
h2b2 (manager)
14-04-10 14:33

Haven't checked this yet in 2.10.10 and 2.10.11. If it doesn't apply for these releases, then target version should be changed from 2.10.12 to 2.11.4
(0050932)
michiel (manager)
19-04-10 20:11


checked in the 2.10 branch, and should be ok there, so marking for 2.11
(0051836)
michiel (manager)
01-11-12 20:30

seems ok in trunk


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker