Forums / General / Important: User edit bug
Ole Morten Halvorsen
Monday 19 May 2003 4:24:05 am
As many have probably seen here http://ez.no/developer/ez_publish_3/forum/developer/users_editing_their_own_detailsa bug was found enabling users to edit other users data. The password can not be changed, but the user account get disabled.
We are working on a fix to this problem now, until then disable the user module. Put this in your site.ini:
[SiteAccessRules] Rules[] Rules[]=Access;enable Rules[]=ModuleAll;true Rules[]=Access;disableRules[]=Module;user
We have disabled the user module here at ez.no, so until the problem is fixed login will not work.
Senior Software Engineer - Vision with Technology http://www.visionwt.com http://www.omh.cc http://www.twitter.com/omh eZ Certified Developer http://ez.no/certification/verify/358441 http://ez.no/certification/verify/272578
Jan Borsodi
Monday 19 May 2003 7:13:03 am
A patch for the user edit bug can be found here:http://ez.no/developer/ez_publish_3/contributions/security_fix_unchecked_user_edit
-- Amos Documentation: http://ez.no/ez_publish/documentation FAQ: http://ez.no/ez_publish/documentation/faq
Tony Wood
Monday 19 May 2003 7:43:06 am
Thank you for your fast and efficient resolution of this problem.
Tony Wood : twitter.com/tonywood Vision with Technology Experts in eZ Publish consulting & development Power to the Editor! Free eZ Training : http://www.VisionWT.com/training eZ Future Podcast : http://www.VisionWT.com/eZ-Future
Script start
Module start 'content'
Module end 'content'
Script end
Time used to render debug report: 0.0001 secs