phplist

NOTE:: Before reporting an issue, make sure you are running the latest version, currently 3.3.1


View Issue Details Jump to Notes ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0015616phplist applicationUser Managementpublic22-05-11 19:0309-06-11 14:53
Reporterh2b2 
PrioritynormalSeverityminorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version2.10.14 
Target Version2.10.XFixed in Version2.10.15 
Summary0015616: Deleting users from the 'List all users' page doesn't work
Description'Del' doesn't remove user in the following situations:
1. when used on the 'list all users page' (admin/?page=users).
2. when used in the search results generated from the 'list all users page'
It does indeed work on the user details page.
Additional InformationRelated forum thread: http://forums.phplist.com/viewtopic.php?f=17&t=36219#p85689 [^]
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
(0051357)
rnreekez (reporter)
23-05-11 07:41

Hi,

I ran into this issue as well today. I made an edit to commonlib/pages/users.php.

At line 22 place the following:

$delete = $_GET['delete'];

The $delete variable was not set anywhere within the file so this should remedy the issue. Confirmed on my 2.10.14 installation.
(0051358)
rnreekez (reporter)
23-05-11 07:51

Minor edit to above note. I looked at the SVN and previous implementations used:

if(isset($_GET["delete"])){
      $delete = sprintf("%d",$_GET["delete"]);
}

I don't really see a difference between the two but hey, when in Rome.
(0051362)
michiel (manager)
09-06-11 14:44

the difference is that with the sprintf the value is sanitised as a number, to avoid possible Sql injections
(0051363)
michiel (manager)
09-06-11 14:52

http://phplist.svn.sourceforge.net/phplist/?rev=2760&view=rev [^]


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker