[Interchange-bugs] [Bug 167] Changed - do_view without security check

bugzilla-daemon@localhost.akopia.com bugzilla-daemon@localhost.akopia.com
Thu, 12 Apr 2001 22:02:35 -0400


http://developer.akopia.com/bugs/show_bug.cgi?id=167

*** shadow/167	Wed Apr 11 18:44:27 2001
--- shadow/167.tmp.10067	Thu Apr 12 22:02:35 2001
***************
*** 3,10 ****
  Version: 4.6.4
  Platform: PC
  OS/Version: Linux
! Status: NEW   
! Resolution: 
  Severity: normal
  Priority: P3
  Component: UI
--- 3,10 ----
  Version: 4.6.4
  Platform: PC
  OS/Version: Linux
! Status: RESOLVED   
! Resolution: FIXED
  Severity: normal
  Priority: P3
  Component: UI
***************
*** 21,23 ****
--- 21,35 ----
  If user accesses this url -> http://macheine.name.com/cgi-
  bin/barry/admin/do_view?mv_arg=products/access.asc they see my user database. 
  WITHOUT LOGIN!
+ 
+ ------- Additional Comments From peasemj@bellatlantic.net  2001-04-12 22:02 -------
+ Added the following to the beginning of do_view.html 
+ Now it requires login to the UI.
+ 
+   [if-mm !advanced access=c]
+   [set ui_error]No permission to this page[/set]
+   [bounce page="__UI_BASE__/error"]
+   [/set]
+   [/if-mm]
+ 
+