Mahara

Edit permission not checked in newviewtoken.json.php

Series 1.2
Bug #771592

Bug #771592 reported by Richard Mansfield on 2011-04-27

258

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Mahara	Fix Released	High	Richard Mansfield	Mahara 1.4.0
1.2	Fix Released	High	Richard Mansfield	Mahara 1.2.9
1.3	Fix Released	High	Richard Mansfield	Mahara 1.3.6

Bug Description

On master, the script is no longer used and should be deleted altogether.
On 1.2/1.3, we need to check that the logged in user has permission to edit the view.

CVE References

2011-1402

Revision history for this message

Richard Mansfield (richard-mansfield) wrote on 2011-04-27:

patch for 1.2/1.3 Edit (1.2 KiB, text/plain)

François Marier (fmarier) on 2011-05-10

visibility:

private → public

Richard Mansfield (richard-mansfield) on 2011-05-10

Changed in mahara:
status:	In Progress → Fix Committed
milestone:	none → 1.4.0

François Marier (fmarier) on 2011-06-14

Changed in mahara:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

patch for 1.2/1.3 Edit

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.