Important: User edit bug

Next topic

Author	Message
Ole Morten Halvorsen	Monday 19 May 2003 4:24:05 am As many have probably seen here http://ez.no/developer/ez_publish_3/forum/developer/users_editing_their_own_details a bug was found enabling users to edit other users data. The password can not be changed, but the user account get disabled. We are working on a fix to this problem now, until then disable the user module. Put this in your site.ini: [SiteAccessRules] Rules[] Rules[]=Access;enable Rules[]=ModuleAll;true Rules[]=Access;disable Rules[]=Module;user We have disabled the user module here at ez.no, so until the problem is fixed login will not work. Senior Software Engineer - Vision with Technology http://www.visionwt.com http://www.omh.cc http://www.twitter.com/omh eZ Certified Developer http://ez.no/certification/verify/358441 http://ez.no/certification/verify/272578
Jan Borsodi	Monday 19 May 2003 7:13:03 am A patch for the user edit bug can be found here: http://ez.no/developer/ez_publish_3/contributions/security_fix_unchecked_user_edit -- Amos Documentation: http://ez.no/ez_publish/documentation FAQ: http://ez.no/ez_publish/documentation/faq
Tony Wood	Monday 19 May 2003 7:43:06 am Thank you for your fast and efficient resolution of this problem. Tony Wood : twitter.com/tonywood Vision with Technology Experts in eZ Publish consulting & development Power to the Editor! Free eZ Training : http://www.VisionWT.com/training eZ Future Podcast : http://www.VisionWT.com/eZ-Future

Author

Message

Monday 19 May 2003 4:24:05 am

As many have probably seen here http://ez.no/developer/ez_publish_3/forum/developer/users_editing_their_own_details
a bug was found enabling users to edit other users data. The password can not be changed, but the user account get disabled.

We are working on a fix to this problem now, until then disable the user module. Put this in your site.ini:

[SiteAccessRules]
Rules[]
Rules[]=Access;enable
Rules[]=ModuleAll;true
Rules[]=Access;disable
Rules[]=Module;user

We have disabled the user module here at ez.no, so until the problem is fixed login will not work.

Senior Software Engineer - Vision with Technology

http://www.visionwt.com
http://www.omh.cc
http://www.twitter.com/omh

eZ Certified Developer
http://ez.no/certification/verify/358441
http://ez.no/certification/verify/272578

Jan Borsodi

Monday 19 May 2003 7:13:03 am

A patch for the user edit bug can be found here:
http://ez.no/developer/ez_publish_3/contributions/security_fix_unchecked_user_edit

--
Amos

Documentation: http://ez.no/ez_publish/documentation
FAQ: http://ez.no/ez_publish/documentation/faq

Tony Wood

Monday 19 May 2003 7:43:06 am

Thank you for your fast and efficient resolution of this problem.

Tony Wood : twitter.com/tonywood
Vision with Technology
Experts in eZ Publish consulting & development

Power to the Editor!

Free eZ Training : http://www.VisionWT.com/training
eZ Future Podcast : http://www.VisionWT.com/eZ-Future

eZ debug

Timing:	Jan 18 2025 05:10:59
Script start
Timing:	Jan 18 2025 05:10:59
Module start 'layout'
Timing:	Jan 18 2025 05:10:59
Module start 'content'
Timing:	Jan 18 2025 05:11:00
Module end 'content'
Timing:	Jan 18 2025 05:11:00
Script end

Main resources:

Total runtime	0.8279 sec
Peak memory usage	4,096.0000 KB
Database Queries	59

Timing points:

Checkpoint	Start (sec)	Duration (sec)	Memory at start (KB)	Memory used (KB)
Script start	0.0000	0.0061	589.0000	152.6094
Module start 'layout'	0.0061	0.0028	741.6094	39.4141
Module start 'content'	0.0089	0.8175	781.0234	577.2344
Module end 'content'	0.8264	0.0014	1,358.2578	12.1797
Script end	0.8278		1,370.4375

Time accumulators:

Accumulator	Duration (sec)	Duration (%)	Count	Average (sec)
Ini load
Load cache	0.0035	0.4173	16	0.0002
Check MTime	0.0015	0.1833	16	0.0001
Mysql Total
Database connection	0.0006	0.0785	1	0.0006
Mysqli_queries	0.7769	93.8466	59	0.0132
Looping result	0.0006	0.0744	57	0.0000
Template Total	0.7935	95.8	2	0.3967
Template load	0.0022	0.2618	2	0.0011
Template processing	0.7913	95.5822	2	0.3957
Template load and register function	0.0002	0.0220	1	0.0002
states
state_id_array	0.0015	0.1838	1	0.0015
state_identifier_array	0.0017	0.2085	2	0.0009
Override
Cache load	0.0018	0.2144	20	0.0001
Sytem overhead
Fetch class attribute can translate value	0.0008	0.0952	3	0.0003
Fetch class attribute name	0.0020	0.2424	5	0.0004
XML
Image XML parsing	0.0011	0.1295	3	0.0004
class_abstraction
Instantiating content class attribute	0.0000	0.0024	5	0.0000
General
dbfile	0.0008	0.0947	23	0.0000
String conversion	0.0000	0.0013	4	0.0000
Note: percentages do not add up to 100% because some accumulators overlap

Templates used to render the page:

Usage	Requested template	Template	Template loaded
1	node/view/full.tpl	full/forum_topic.tpl	extension/sevenx/design/simple/override/templates/full/forum_topic.tpl
3	content/datatype/view/ezxmltext.tpl	<No override>	extension/community_design/design/suncana/templates/content/datatype/view/ezxmltext.tpl
3	content/datatype/view/ezxmltags/line.tpl	<No override>	design/standard/templates/content/datatype/view/ezxmltags/line.tpl
4	content/datatype/view/ezxmltags/paragraph.tpl	<No override>	extension/ezwebin/design/ezwebin/templates/content/datatype/view/ezxmltags/paragraph.tpl
2	content/datatype/view/ezimage.tpl	<No override>	extension/sevenx/design/simple/templates/content/datatype/view/ezimage.tpl
1	print_pagelayout.tpl	<No override>	extension/community/design/community/templates/print_pagelayout.tpl
Number of times templates used: 14 Number of unique templates used: 6

Time used to render debug report: 0.0001 secs