| View Issue Details [ Jump to Notes ] | [ Print ] |
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0017365 | phplist application | Interface - Administrator | public | 08-09-14 16:24 | 26-09-14 11:59 |
|
| Reporter | ivilata | |
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | fixed | |
| Platform | | OS | Debian | OS Version | 7.5 Wheezy |
| Product Version | 3.0.7 | |
| Target Version | 3.0.9 | Fixed in Version | 3.0.9 | |
|
| Summary | 0017365: Reconcile users page not useful to normal admins? |
| Description | Normal administrators in my site can load the the "reconcileusers" page from "Subscribers/Reconcile subscribers", however by having a look at the code it looks like operations are only available to superusers, and e.g. moving users without list to a list doesn't work and shows no error message either.
Maybe just showing a "not enough access" message (à la "massunconfirm" page) would be better to avoid giving the user wrong expectations. I'm attaching a patch for that. |
| Tags | No tags attached. |
|
| Attached Files |  reconcileusers.php.diff [^] (403 bytes) 08-09-14 16:24 [Show Content] [Hide Content]--- reconcileusers.php.orig 2014-08-12 22:41:20.000000000 +0200
+++ reconcileusers.php 2014-09-08 17:15:45.446719861 +0200
@@ -4,6 +4,11 @@
<?php
require_once dirname(__FILE__).'/accesscheck.php';
+if (!isSuperUser()) {
+ print $GLOBALS['I18N']->get('Sorry, this page can only be used by super admins');
+ return;
+}
+
if (!is_object("date")) {
include_once dirname(__FILE__). "/date.php";
}
|
|
Relationships [ Relation Graph ]
[ Dependency Graph ]
Relationships 