Re: Re: Security Mailing List

Documentation

Forum List Topic List

Re: Re: Security Mailing List

Posted by sylvie greverend 03 Oct 2005 12:54 GMT-0000 posts: 1092

> I am having issues with tiki-editpage.php.
>
> Tiki-editpage.php allows users without the correct permissions to open and edit pages that they cannot see.
>
> Tiki-index.php does stop the user from seeing the page, but it does not stop the user from editing what they are not supposed to edit.
>
> Someone gave me some advice in regards to line 24 in tiki-editpage.php, but it did not help the issue.
>
> Can anyone explain this behavior? I think that this qualifies as a security breach.
>
> thanks.
>
>
Which release? I fixed at least a security hole in 1.9 CVS
http://cvs.sourceforge.net/viewcvs.py/tikiwiki/tiki/tiki-editpage.php?r1=1.89.2.37&r2=1.89.2.38

Reads: 701

Link

There are no comments at this time.

Jump to forum:

Upcoming Events

1)	16 May 2024 14:00 GMT-0000 Tiki Roundtable Meeting
2)	20 Jun 2024 14:00 GMT-0000 Tiki Roundtable Meeting
3)	18 Jul 2024 14:00 GMT-0000 Tiki Roundtable Meeting
4)	15 Aug 2024 14:00 GMT-0000 Tiki Roundtable Meeting
5)	19 Sep 2024 14:00 GMT-0000 Tiki Roundtable Meeting
6)	08 Oct 2024 Tiki birthday
7)	17 Oct 2024 14:00 GMT-0000 Tiki Roundtable Meeting
8)	21 Nov 2024 14:00 GMT-0000 Tiki Roundtable Meeting
9)	19 Dec 2024 14:00 GMT-0000 Tiki Roundtable Meeting

Latest Page Changes

...more

Documentation