[kronolith] Calendar Permissions

Matthew Sackman matthew at sackman.co.uk
Sun May 4 15:41:30 PDT 2003


On Sun, May 04, 2003 at 09:01:06AM -0400, Chuck Hagenbuch wrote:
> Quoting Matthew Sackman <matthew at sackman.co.uk>:
> 
> > CVS HEAD seems to be broken, though that may well be horde rather than
> > kronolith (I'm getting pear DB errors).
> 
> It's not broken. You won't convince me, either, unless you actually give us
> the error messages you're getting.

I got to the bottom of it and it was a misconfiguration on my part.
Sorry.

> > And it's not fixed in either HEAD nor the default branch: I can still
> > send in a request to list all calendar events for user x, even though
> > I'm authenticating as user y and user x's calendar is private.
> 
> No idea what you mean by differentiating HEAD and the default branch. Have
> you updated Horde? The share fixes were in Horde, not just in Kronolith.

OK, if I just do a cvs -z 3 co horde then I get one version (what I
refer to as the default version). This is different from if I do cvs -z
3 co -r HEAD horde

The HEAD version suffers from the bug above whilst the 'default' version
doesn't. This is why I think that the HEAD version is broken - I assume
they both use the pgsql.php file.

And yes, today I've taked fresh checkouts of horde and kronolith from
both HEAD and default and both still leak the information in the manner
described.

Matthew
-- 
Matthew Sackman

BOFH excuse #102:
Power company testing new voltage spike (creation) equipment


More information about the kronolith mailing list