Anonymous Login
2019-02-22 12:23 PST

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0001036v3.0 Release[All Projects] Generalpublic2013-08-28 11:21
Reporterproject_manager 
Assigned Tocaseydk 
PrioritynormalSeverityblockReproducibilityrandom
StatusclosedResolutionfixed 
Product Version 
Target VersionFixed in Version3.0.0 
Summary0001036: "view pdf file" in Forum is blocked by "denied access ..." even if Admin
Descriptionlogical bug in ..\modules\forums\view_pdf.php in ALL versions (2.3.1 ...)

change this line:
//if (!$perms->checkModuleItem('forums', 'view', $message_id)) {

to:
if (!$perms->checkModuleItem('forums', 'view', $forum_id)) {

Permission is checked on the forum list, so "$forum_id" have to be used.

Randomly works/not work, because:

e.g. if forum_id: 1,2,3,4 (4x Forum topics are created)

if:
a) message_id: 10 (to pdf viewed) ---> permission check failed
b) message_id: 1,2,3,4 (in same range as forum_id) ---> ok.


  
TagsNo tags attached.
Attached Files

-Relationships
+Relationships

-Notes

~0002356

sasquatch58 (reporter)

Other possibility is to drop the message_id altogether as:

$perms = &$AppUI->acl();
$canView = $perms->checkModuleItem($m, 'view');
if (!$canView) {
   $AppUI->redirect('m=public&a=access_denied');
}

~0002359

caseydk (administrator)

Resolved in r2260 as described;
+Notes

-Issue History
Date Modified Username Field Change
2011-12-17 12:17 project_manager New Issue
2011-12-17 14:38 sasquatch58 Note Added: 0002356
2011-12-19 23:50 caseydk Status new => assigned
2011-12-19 23:50 caseydk Assigned To => caseydk
2011-12-22 20:59 caseydk Note Added: 0002359
2011-12-22 20:59 caseydk Status assigned => resolved
2011-12-22 20:59 caseydk Resolution open => fixed
2013-08-28 11:14 caseydk Fixed in Version => 3.0.0
2013-08-28 11:21 caseydk Status resolved => closed
+Issue History