Important: User edit bug

Author Message

Ole Morten Halvorsen

Monday 19 May 2003 4:24:05 am

As many have probably seen here http://ez.no/developer/ez_publish_3/forum/developer/users_editing_their_own_details
a bug was found enabling users to edit other users data. The password can not be changed, but the user account get disabled.

We are working on a fix to this problem now, until then disable the user module. Put this in your site.ini:

[SiteAccessRules]
Rules[]
Rules[]=Access;enable
Rules[]=ModuleAll;true
Rules[]=Access;disable
Rules[]=Module;user

We have disabled the user module here at ez.no, so until the problem is fixed login will not work.

Senior Software Engineer - Vision with Technology

http://www.visionwt.com
http://www.omh.cc
http://www.twitter.com/omh

eZ Certified Developer
http://ez.no/certification/verify/358441
http://ez.no/certification/verify/272578

Jan Borsodi

Monday 19 May 2003 7:13:03 am

A patch for the user edit bug can be found here:
http://ez.no/developer/ez_publish_3/contributions/security_fix_unchecked_user_edit

--
Amos

Documentation: http://ez.no/ez_publish/documentation
FAQ: http://ez.no/ez_publish/documentation/faq

Tony Wood

Monday 19 May 2003 7:43:06 am

Thank you for your fast and efficient resolution of this problem.

Tony Wood : twitter.com/tonywood
Vision with Technology
Experts in eZ Publish consulting & development

Power to the Editor!

Free eZ Training : http://www.VisionWT.com/training
eZ Future Podcast : http://www.VisionWT.com/eZ-Future

Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.