View Issue Details

IDProjectCategoryView StatusLast Update
0015616phplist applicationUser Managementpublic09-06-11 13:53
Reporterh2b2 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version2.10.14 
Target Version2.10.XFixed in Version2.10.15 
Summary0015616: Deleting users from the 'List all users' page doesn't work
Description'Del' doesn't remove user in the following situations:
1. when used on the 'list all users page' (admin/?page=users).
2. when used in the search results generated from the 'list all users page'
It does indeed work on the user details page.
Additional InformationRelated forum thread: http://forums.phplist.com/viewtopic.php?f=17&t=36219#p85689
TagsNo tags attached.

Activities

rnreekez

23-05-11 06:41

reporter   ~0051357

Hi,

I ran into this issue as well today. I made an edit to commonlib/pages/users.php.

At line 22 place the following:

$delete = $_GET['delete'];

The $delete variable was not set anywhere within the file so this should remedy the issue. Confirmed on my 2.10.14 installation.

rnreekez

23-05-11 06:51

reporter   ~0051358

Minor edit to above note. I looked at the SVN and previous implementations used:

if(isset($_GET["delete"])){
      $delete = sprintf("%d",$_GET["delete"]);
}

I don't really see a difference between the two but hey, when in Rome.

michiel

09-06-11 13:44

manager   ~0051362

the difference is that with the sprintf the value is sanitised as a number, to avoid possible Sql injections

michiel

09-06-11 13:52

manager   ~0051363

http://phplist.svn.sourceforge.net/phplist/?rev=2760&view=rev