View Issue Details

ID: 0015378
Project: phplist application
Category: Interface - Backend
View Status: public
Last Update: 20-04-10 00:13
Reporter: adrian15
Priority: normal
Severity: major
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: FutureDevelopments
Target Version: 2.10.12
Fixed in Version: 2.10.12
Summary: 0015378: editlist: Admin can create more lists than maximum list per admin
Description: I have created an admin named admin2.
I have logged in as admin2 and I have added a list.
Whenever I have come back to list of lists page (page=list) I have seen
that I had not any link to add a new list.

I think it is ok because somewhere at config.php there's a setting that
says that an admin can only have one mailing list per default.

But what does happen when admin2 writes something like:

http://domain.com/lists/admin/?page=editlist

Yes, here you are. He can add another list and it gets listed on the
page=list page.

Should not editlist.php check for the admin's lists number and forgive
the entrance if the maximum number of lists per admin has been reached?

I think that yes, so... here there is a patch for fixing this issue.
Additional Information: In my opinion this bug is severe. Please check if you can reproduce the bug in 2.10.10 and fix it. Thank you.
Tags: No tags attached.

Activities

30-11-09 21:04

 

svn_r1703_post_initial_02_patch_editlist_admin_can_add_new_lists_even_if_maxlist_reached.patch (1,017 bytes)
diff -urN svn_r1703_sin_punto_svn_improved_01_editlist_bugfix/phplist/public_html/lists/admin/editlist.php svn_r1703_sin_punto_svn_improved_01_editlist_bugfix_maxlist/phplist/public_html/lists/admin/editlist.php
--- svn_r1703_sin_punto_svn_improved_01_editlist_bugfix/phplist/public_html/lists/admin/editlist.php	2009-11-29 10:53:37.000000000 +0100
+++ svn_r1703_sin_punto_svn_improved_01_editlist_bugfix_maxlist/phplist/public_html/lists/admin/editlist.php	2009-11-29 11:22:10.000000000 +0100
@@ -19,6 +19,12 @@
           Fatal_Error($GLOBALS['I18N']->get('You do not have enough priviliges to view this page'));
           return;
         }
+      } else {
+	$numlists = Sql_Fetch_Row_query("select count(*) from {$tables['list']} where owner = " . $_SESSION['logindetails']['id']);
+	if (!($numlists[0] < MAXLIST)) {
+	  Fatal_Error($GLOBALS['I18N']->get('You cannot create a new list because you have reached maximum number of lists per admin.'));
+          return;
+	}
       }
       break;
     case "all":
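Review bot: The count query on the added `$numlists` line concatenates `$_SESSION['logindetails']['id']` straight into the SQL string. Cast it first, for example `(int) $_SESSION['logindetails']['id']` or a `%d` through `sprintf`, so the query stays well-formed whatever ends up in the session. The new check also sits in the `else` of a condition that is not visible in this hunk. Please confirm that branch is reached only when a new list is being created, so an admin who is already at `MAXLIST` can still edit an existing list, and confirm that the code path that saves a submitted form passes through this same check, not only the path that renders the page. Two smaller points: `!($numlists[0] < MAXLIST)` reads more directly as `$numlists[0] >= MAXLIST`, and the added lines mix tabs and spaces while the surrounding context uses spaces.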