[bugs] [Bug 1213] New - Source not remembered between searches in
address book
bugs at bugs.horde.org
bugs at bugs.horde.org
Thu Mar 27 20:54:56 PST 2003
http://bugs.horde.org/show_bug.cgi?id=1213
*** shadow/1213 Thu Mar 27 20:54:55 2003
--- shadow/1213.tmp.19486 Thu Mar 27 20:54:56 2003
***************
*** 0 ****
--- 1,36 ----
+ Bug#: 1213
+ Product: Horde
+ Version: 2.0 Stable
+ Platform: Mozilla 5.x
+ OS/Version: Linux
+ Status: NEW
+ Resolution:
+ Severity: major
+ Priority: P3
+ Component: Turba
+ Area: BUILD
+ AssignedTo: chuck at horde.org
+ ReportedBy: c.green at its.uq.edu.au
+ URL:
+ Summary: Source not remembered between searches in address book
+
+ To recreate bug :
+
+ Set up two sources in config/sources.php
+ Do a search using the first source
+ Change the source and do a second search
+
+ Right click on the results from the first search and their source will be set to
+ the source of the second search.
+
+ This is ugly, as well it created a major security flaw for us in that we had one
+ source with read only set to true, and on the others it was false. By doing the
+ above, the user could edit and delete information which shouldn't be available
+ to them, as well as view other users private details. Users managed to delete
+ other people from the sources and one deleted themselves.
+
+ For people with the above configuration, I would class this as a pretty major
+ security flaw.
+
+
+
More information about the bugs
mailing list