eZ Community » Forums » General » Important: User edit bug
expandshrink

Important: User edit bug

Important: User edit bug

Monday 19 May 2003 1:24:05 pm - 2 replies

As many have probably seen here http://ez.no/developer/ez_publish...oper/users_editing_their_own_details
a bug was found enabling users to edit other users data. The password can not be changed, but the user account get disabled.

We are working on a fix to this problem now, until then disable the user module. Put this in your site.ini:

[SiteAccessRules]
Rules[]
Rules[]=Access;enable
Rules[]=ModuleAll;true
Rules[]=Access;disable
Rules[]=Module;user

We have disabled the user module here at ez.no, so until the problem is fixed login will not work.

Modified on Monday 19 May 2003 1:26:31 pm by Ole Morten Halvorsen

Monday 19 May 2003 4:13:03 pm

A patch for the user edit bug can be found here:
http://ez.no/developer/ez_publish...ons/security_fix_unchecked_user_edit

Monday 19 May 2003 4:43:06 pm

Thank you for your fast and efficient resolution of this problem.

expandshrink

You must be logged in to post messages in this topic!

36 542 Users on board!

Forums menu

Proudly Developed with from