[ic] Jon J's Security Patch

Christopher VanOosterhout interchange-users@lists.akopia.com
Tue Jun 12 21:52:00 2001


Jon and All,

Recently you issued a patch.  Thanks!!

Now I have one problem ... what do I do with it?

I understand that this may not be within the scope of this list, but 
frankly I have no idea how to "patch" my software.

What do I do with the code you have listed below?  Do I insert this 
somewhere?  Is there documentation I can read for guidance?

Thanks for any help you can give me.

Christopher


Here is a patch to 4.6.5 that fixes the (extremely rare) problem
Christopher VanOosterhout found where the admin UI allowed unrestricted
access if there was no 'access' database whatsoever. Patches have been
committed to both the stable and development branches in CVS.

Thanks, Christopher.

Jon


Index: Primitive.pm
===================================================================
RCS file: /var/cvs/interchange/dist/lib/UI/Primitive.pm,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- Primitive.pm        2001/02/02 02:09:57     1.26
+++ Primitive.pm        2001/06/08 18:58:43     1.27
@@ -23,7 +23,7 @@

  package UI::Primitive;

-$VERSION = substr(q$Revision: 1.26 $, 10);
+$VERSION = substr(q$Revision: 1.27 $, 10);
  $DEBUG = 0;

  use vars qw!
@@ -163,9 +163,9 @@
         my $try = shift;
         my $table;
         $Global::SuperUserFunction = \&is_super;
-       my $default = defined $Global::Variable->{UI_ACL}
-                                ? (! $Global::Variable->{UI_ACL})
-                                : 1;
+       my $default = defined $Global::Variable->{UI_SECURITY_OVERRIDE}
+                               ? $Global::Variable->{UI_SECURITY_OVERRIDE}
+                               : 0;
         $table = $::Variable->{UI_ACCESS_TABLE} || 'access';
         $Vend::WriteDatabase{$table} = 1;
         my $db = Vend::Data::database_exists_ref($table);
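
Review bot: The replacement `my $default` expression in the second hunk reads `UI_SECURITY_OVERRIDE` and no longer consults `UI_ACL`, yet nothing in the hunk documents the new variable or the change in sense: the old code negated `UI_ACL`, while the new code uses the override value as is. Please add a comment above `my $default` stating that an undefined variable now yields 0 where it previously yielded 1, and that any true value of `UI_SECURITY_OVERRIDE` brings back a default of 1. Since a catalog that still sets `UI_ACL` gets no indication that it is ignored, a logged warning when `UI_ACL` is defined or when the override is true would make the effective setting visible to the administrator.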