[Interchange-bugs] [Bug 167] Changed - do_view without security check
bugzilla-daemon@localhost.akopia.com
bugzilla-daemon@localhost.akopia.com
Thu, 12 Apr 2001 22:02:35 -0400
http://developer.akopia.com/bugs/show_bug.cgi?id=167
*** shadow/167 Wed Apr 11 18:44:27 2001
--- shadow/167.tmp.10067 Thu Apr 12 22:02:35 2001
***************
*** 3,10 ****
Version: 4.6.4
Platform: PC
OS/Version: Linux
! Status: NEW
! Resolution:
Severity: normal
Priority: P3
Component: UI
--- 3,10 ----
Version: 4.6.4
Platform: PC
OS/Version: Linux
! Status: RESOLVED
! Resolution: FIXED
Severity: normal
Priority: P3
Component: UI
***************
*** 21,23 ****
--- 21,35 ----
If user accesses this url -> http://macheine.name.com/cgi-
bin/barry/admin/do_view?mv_arg=products/access.asc they see my user database.
WITHOUT LOGIN!
+
+ ------- Additional Comments From peasemj@bellatlantic.net 2001-04-12 22:02 -------
+ Added the following to the beginning of do_view.html
+ Now it requires login to the UI.
+
+ [if-mm !advanced access=c]
+ [set ui_error]No permission to this page[/set]
+ [bounce page="__UI_BASE__/error"]
+ [/set]
+ [/if-mm]
+
+