View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
---|---|---|---|---|---|---|---|---|---|
0001036 | v3.0 Release | [All Projects] General | public | 2011-12-17 12:17 | 2013-08-28 11:21 | ||||
Reporter | project_manager | ||||||||
Assigned To | caseydk | ||||||||
Priority | normal | Severity | block | Reproducibility | random | ||||
Status | closed | Resolution | fixed | ||||||
Product Version | |||||||||
Target Version | Fixed in Version | 3.0.0 | |||||||
Summary | 0001036: "view pdf file" in Forum is blocked by "denied access ..." even if Admin | ||||||||
Description | logical bug in ..\modules\forums\view_pdf.php in ALL versions (2.3.1 ...) change this line: //if (!$perms->checkModuleItem('forums', 'view', $message_id)) { to: if (!$perms->checkModuleItem('forums', 'view', $forum_id)) { Permission is checked on the forum list, so "$forum_id" have to be used. Randomly works/not work, because: e.g. if forum_id: 1,2,3,4 (4x Forum topics are created) if: a) message_id: 10 (to pdf viewed) ---> permission check failed b) message_id: 1,2,3,4 (in same range as forum_id) ---> ok. | ||||||||
Tags | No tags attached. | ||||||||
Attached Files |
|
![]() |
|
sasquatch58 (reporter) 2011-12-17 14:38 |
Other possibility is to drop the message_id altogether as: $perms = &$AppUI->acl(); $canView = $perms->checkModuleItem($m, 'view'); if (!$canView) { $AppUI->redirect('m=public&a=access_denied'); } |
caseydk (administrator) 2011-12-22 20:59 |
Resolved in r2260 as described; |
![]() |
|||
Date Modified | Username | Field | Change |
---|---|---|---|
2011-12-17 12:17 | project_manager | New Issue | |
2011-12-17 14:38 | sasquatch58 | Note Added: 0002356 | |
2011-12-19 23:50 | caseydk | Status | new => assigned |
2011-12-19 23:50 | caseydk | Assigned To | => caseydk |
2011-12-22 20:59 | caseydk | Note Added: 0002359 | |
2011-12-22 20:59 | caseydk | Status | assigned => resolved |
2011-12-22 20:59 | caseydk | Resolution | open => fixed |
2013-08-28 11:14 | caseydk | Fixed in Version | => 3.0.0 |
2013-08-28 11:21 | caseydk | Status | resolved => closed |