Issue: Editor has Administrator priviliges. Solution?

Next topic

Author	Message
elliot smelliot	Monday 19 May 2003 11:26:48 am Per document, http://www.ez.no/developer/ez_publish_3/bug_reports/urgent_security_risk_privilege_escalation_in_default_install, I am trying to run a student newspaper at my High School, and I would like reporters and editors to be able to add and modify articles (content), but whenever I try to take the “Users” permission away from the Editor’s role, it doesn’t allow the Editor to log in. I view this as a problem, since I don’t want any editor capable of taking over the whole system. On the message board, this was recommended: “Re: Roles and user 'drafts' help needed. To fix proplem with drafts you need to add new line at kernel/content/module.php line 194. "functions" => array( 'create' ), after that modification user will be able to access”
Paul Borgermans	Monday 19 May 2003 12:29:42 pm You must the editors al least a login right as one of the rules in the role fro them. You mustdisallow editing content of class user . Make sure you also apply the security patch posted earlier today. hth Paul eZ Publish, eZ Find, Solr expert consulting and training http://twitter.com/paulborgermans
elliot smelliot	Tuesday 17 June 2003 3:54:05 pm This issue is still truly unresolved. Can anyone make a suggestion or write out step by step instructions to fix this horrible issue. Thx.

Author

Message

Monday 19 May 2003 11:26:48 am

Per document, http://www.ez.no/developer/ez_publish_3/bug_reports/urgent_security_risk_privilege_escalation_in_default_install, I am trying to run a student newspaper at my High School, and I would like reporters and editors to be able to add and modify articles (content), but whenever I try to take the “Users” permission away from the Editor’s role, it doesn’t allow the Editor to log in. I view this as a problem, since I don’t want any editor capable of taking over the whole system.

On the message board, this was recommended:

“Re: Roles and user 'drafts' help needed.
To fix proplem with drafts you need to add new line at kernel/content/module.php line 194.
"functions" => array( 'create' ),
after that modification user will be able to access”

Paul Borgermans

Monday 19 May 2003 12:29:42 pm

You must the editors al least a login right as one of the rules in the role fro them. You mustdisallow editing content of class user . Make sure you also apply the security patch posted earlier today.

hth

Paul

eZ Publish, eZ Find, Solr expert consulting and training
http://twitter.com/paulborgermans

elliot smelliot

Tuesday 17 June 2003 3:54:05 pm

This issue is still truly unresolved. Can anyone make a suggestion or write out step by step instructions to fix this horrible issue. Thx.

eZ debug

Timing:	Jan 31 2025 03:23:23
Script start
Timing:	Jan 31 2025 03:23:23
Module start 'layout'
Timing:	Jan 31 2025 03:23:23
Module start 'content'
Timing:	Jan 31 2025 03:23:23
Module end 'content'
Timing:	Jan 31 2025 03:23:23
Script end

Main resources:

Total runtime	0.0239 sec
Peak memory usage	6,144.0000 KB
Database Queries	3

Timing points:

Checkpoint	Start (sec)	Duration (sec)	Memory at start (KB)	Memory used (KB)
Script start	0.0000	0.0044	588.3828	151.2422
Module start 'layout'	0.0044	0.0040	739.6250	220.7500
Module start 'content'	0.0084	0.0140	960.3750	997.8672
Module end 'content'	0.0224	0.0015	1,958.2422	33.9922
Script end	0.0239		1,992.2344

Time accumulators:

Accumulator	Duration (sec)	Duration (%)	Count	Average (sec)
Ini load
Load cache	0.0026	10.7929	14	0.0002
Check MTime	0.0010	4.1933	14	0.0001
Mysql Total
Database connection	0.0006	2.5399	1	0.0006
Mysqli_queries	0.0026	10.7531	3	0.0009
Looping result	0.0000	0.0418	1	0.0000
Template Total	0.0011	4.7	1	0.0011
Template load	0.0008	3.5219	1	0.0008
Template processing	0.0003	1.1863	1	0.0003
Override
Cache load	0.0006	2.5110	1	0.0006
General
dbfile	0.0029	12.2232	8	0.0004
String conversion	0.0000	0.0259	4	0.0000
Note: percentages do not add up to 100% because some accumulators overlap

Templates used to render the page:

Usage	Requested template	Template	Template loaded	Edit	Override
1	print_pagelayout.tpl	<No override>	extension/community/design/community/templates/print_pagelayout.tpl
Number of times templates used: 1 Number of unique templates used: 1

Time used to render debug report: 0.0001 secs