bugSavane - Bugs: bug #703, news tracker disallow viewing...

 
 
Show feedback again

You are not allowed to post comments on this tracker with your current authentification level.

bug #703: news tracker disallow viewing summaries

Submitted by:  Mathieu Roy <yeupou>
Submitted on:  Mon 13 Sep 2004 02:29:15 PM UTC  
 
Category: Web Frontend: NewsStatus: Fixed
Severity: 6 - SecurityPriority: C - Normal
Assigned to: Mathieu Roy <yeupou>Open/Closed: Closed
Release: Planned Release: 
Reproducibility: NonePrivacy: Public

Thu 16 Sep 2004 06:57:56 PM UTC, comment #1:

The following code was responsible for this unusual behavior.

if ($_POST['limit'])
{
$limit= $_POST['limit'];
}
elseif ($_GET['limit'])
{
$group_id = $_GET['limit'];
}

Unable to understand why it created such a problem (I noticed adding amp; to the & was helpful, but there should not be any need to add such amp; to and & generated by a form, and not by the code us), I simply commented it out.

Lorenzo, as it was yours, maybe you know better was could be the cause of trouble.
I suspect this page will no longer works with register globals off.

Almost off-topic:
In fact, I suspect getting register globals off to be achievable only with a recently started PHP application. And, well, the major advantage of PHP was simplicity. But with registers global set to off, it definitely no longer have any advantage on perl.
Reading http://tnx.nl/php just confort my opinion.

Mathieu Roy <yeupou>
Project AdministratorIn charge of this item.
Mon 13 Sep 2004 02:29:15 PM UTC, original submission:

No way to browse as we should be able to

https://gna.org/news/index.php?group=admin&limit=100
returns "insufficient group access"

https://gna.org/news/index.php?group=admin&limit=10
returns "this project does not use this tracker"

Mathieu Roy <yeupou>
Project AdministratorIn charge of this item.

 

No files currently attached

 

Depends on the following items: None found

Items that depend on this one: None found

 

Carbon-Copy List
  • -unavailable- added by yeupou
  • -unavailable- added by yeupou (Submitted the item)

    •  

    Do you think this task is very important?
    If so, you can click here to add your encouragement to it.
    This task has 0 encouragements so far.

    Only logged-in users can vote.

     

    Please enter the title of George Orwell's famous dystopian book (it's a date):

     

     

    Follow 5 latest changes.

    Date Changed By Updated Field Previous Value => Replaced By
    Thu 16 Sep 2004 06:57:57 PM UTCyeupouCarbon-Copy-=>Added lorenzo
    Thu 16 Sep 2004 06:57:56 PM UTCyeupouSeverity3 - Normal=>6 - Security
      StatusNone=>Fixed
      Assigned toNone=>yeupou
      Open/ClosedOpen=>Closed
    Show feedback again

    Back to the top


    Copyright (C) 2004-2006, the Gna! people. Posted items are owned by whoever posted them.
    Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.

    Powered by Savane 3.1-cleanup