portals-jetspeed-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 15975] New: - Security: other users can Customize actions from the url.
Date Fri, 10 Jan 2003 20:23:11 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15975>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15975

Security: other users can Customize actions from the url.

           Summary: Security: other users can Customize actions from the
                    url.
           Product: Jetspeed
           Version: 1.4b3-dev / CVS
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Major
          Priority: Other
         Component: Security
        AssignedTo: jetspeed-dev@jakarta.apache.org
        ReportedBy: jarnott@bridge.com


Just type in from a newly opened browser...

Log in as a user other than admin.

.../jetspeed/portal/media-type/html/user/admin/page/default.psml?action=controls.Customize

This will work for any user; just substitute the admin above.

Delete a pane from the list.
No Apply button? No problem! Just type in this URL.

.../jetspeed/portal/media-type/html/user/admin/page/default.psml/template/Customize?action=controllers.MultiColumnControllerAction&eventSubmit_doSave=Save%20and%20Apply

--
To unsubscribe, e-mail:   <mailto:jetspeed-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:jetspeed-dev-help@jakarta.apache.org>
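
The check this report shows to be missing is a comparison between the logged-in user and the profile owner named in the URL. A sketch of such a check, added here as an example and not Jetspeed code: the class and method names and the `admin` role name are assumptions, while the path layout and action values come from the two URLs in the report.

```java
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical helper, not part of Jetspeed.
public class ProfileOwnerCheck {
    // Owner segment as it appears in the reported URLs: .../user/<owner>/page/<page>.psml
    private static final Pattern OWNER = Pattern.compile("/user/([^/]+)/page/");
    // Action values from the reported URLs that open or save the customizer.
    private static final Set<String> CUSTOMIZE_ACTIONS = Set.of(
            "controls.Customize", "controllers.MultiColumnControllerAction");
    private static final String ADMIN_ROLE = "admin"; // assumed role name

    /** Decide on the decoded request path and the "action" parameter; fails closed. */
    static boolean isAllowed(String sessionUser, Set<String> roles, String path, String action) {
        boolean customizing = path.contains("/template/Customize")
                || (action != null && CUSTOMIZE_ACTIONS.contains(action));
        if (!customizing) {
            return true; // this check only covers customization requests
        }
        if (sessionUser == null) {
            return false; // anonymous sessions never customize
        }
        Matcher m = OWNER.matcher(path);
        if (!m.find()) {
            return false; // no recognizable owner in the path: deny
        }
        String owner = m.group(1);
        // Identity comes from the server-side session, never from the URL.
        return owner.equals(sessionUser) || roles.contains(ADMIN_ROLE);
    }

    public static void main(String[] args) {
        // Constructed sample requests modelled on the two URLs in the report.
        String open = "/portal/media-type/html/user/admin/page/default.psml";
        String save = open + "/template/Customize";
        Set<String> user = Set.of("user");
        System.out.println("jdoe opens admin's customizer: "
                + isAllowed("jdoe", user, open, "controls.Customize"));
        System.out.println("jdoe saves admin's layout:     "
                + isAllowed("jdoe", user, save, "controllers.MultiColumnControllerAction"));
        System.out.println("admin saves own layout:        "
                + isAllowed("admin", Set.of("admin"), save, "controllers.MultiColumnControllerAction"));
        System.out.println("jdoe customizes own page:      "
                + isAllowed("jdoe", user, open.replace("/user/admin/", "/user/jdoe/"), "controls.Customize"));
    }
}
```

The check has to run on the save request as well as on the request that opens the customizer, since the second URL in the report reaches the save action directly.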

