Users editing their own details

Sunday 18 May 2003 11:10:46 am

SNIP

Tony Wood : twitter.com/tonywood
Vision with Technology
Experts in eZ Publish consulting & development

Power to the Editor!

Free eZ Training : http://www.VisionWT.com/training
eZ Future Podcast : http://www.VisionWT.com/eZ-Future

Monday 19 May 2003 12:41:06 am

SNIP

Tony Wood : twitter.com/tonywood
Vision with Technology
Experts in eZ Publish consulting & development

Power to the Editor!

Free eZ Training : http://www.VisionWT.com/training
eZ Future Podcast : http://www.VisionWT.com/eZ-Future

Monday 19 May 2003 2:40:32 am

Selmah,
read http://ez.no/developer/ez_publish_3/bug_reports/urgent_security_risk_privilege_escalation_in_default_install

as to why the demo uses the IMHO braindead setup it does, I have no idea.

Visit http://triligon.org

Monday 19 May 2003 2:42:02 am

SNIP

Tony Wood : twitter.com/tonywood
Vision with Technology
Experts in eZ Publish consulting & development

Power to the Editor!

Free eZ Training : http://www.VisionWT.com/training
eZ Future Podcast : http://www.VisionWT.com/eZ-Future

Monday 19 May 2003 2:49:15 am

beep

Monday 19 May 2003 2:58:14 am

the bug that edit.php must check the user id in the session and the requested user id !

Monday 19 May 2003 3:04:08 am

yeah ...
how did ez team didn`t check this bug ... i think all ez sites is buged !

Monday 19 May 2003 3:09:34 am

opppsss ...

I think better if one of editors close, or delete this forum !

Monday 19 May 2003 3:21:18 am

btw ..

i found something else, bigger bug, found while am testing on my localhost, this bug make ez32 admin interface open for guests !

Monday 19 May 2003 3:23:50 am

Good eye though Selmah, you should be on the eZ security advisory :)

Tony Wood : twitter.com/tonywood
Vision with Technology
Experts in eZ Publish consulting & development

Power to the Editor!

Free eZ Training : http://www.VisionWT.com/training
eZ Future Podcast : http://www.VisionWT.com/eZ-Future