View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0017365 | phpList 3 application | Interface - Administrator | public | 08-09-14 15:24 | 26-09-14 10:59 |
Reporter | ivilata | ||||
Priority | normal | Severity | minor | Reproducibility | always |
Status | resolved | Resolution | fixed | ||
Platform | OS | Debian | OS Version | 7.5 Wheezy | |
Product Version | 3.0.7 | ||||
Target Version | 3.0.9 | Fixed in Version | 3.0.9 | ||
Summary | 0017365: Reconcile users page not useful to normal admins? | ||||
Description | Normal administrators in my site can load the the "reconcileusers" page from "Subscribers/Reconcile subscribers", however by having a look at the code it looks like operations are only available to superusers, and e.g. moving users without list to a list doesn't work and shows no error message either. Maybe just showing a "not enough access" message (à la "massunconfirm" page) would be better to avoid giving the user wrong expectations. I'm attaching a patch for that. | ||||
Tags | No tags attached. | ||||
|
reconcileusers.php.diff (403 bytes)
--- reconcileusers.php.orig 2014-08-12 22:41:20.000000000 +0200 +++ reconcileusers.php 2014-09-08 17:15:45.446719861 +0200 @@ -4,6 +4,11 @@ <?php require_once dirname(__FILE__).'/accesscheck.php'; +if (!isSuperUser()) { + print $GLOBALS['I18N']->get('Sorry, this page can only be used by super admins'); + return; +} + if (!is_object("date")) { include_once dirname(__FILE__). "/date.php"; } |
|
yes, I agree |