0001036: "view pdf file" in Forum is blocked by "denied access ..." even if Admin

View Issue Details [ Jump to Notes ]

[ Issue History ] [ Print ]

Project

Category

View Status

Date Submitted

Last Update

0001036

v3.0 Release

[All Projects] General

public

2011-12-17 12:17

2013-08-28 11:21

Reporter

project_manager

Assigned To

caseydk

Priority

normal

Severity

block

Reproducibility

random

Status

closed

Resolution

fixed

Product Version

Target Version

Fixed in Version

3.0.0

Summary

0001036: "view pdf file" in Forum is blocked by "denied access ..." even if Admin

Description

logical bug in ..\modules\forums\view_pdf.php in ALL versions (2.3.1 ...)

change this line:
//if (!$perms->checkModuleItem('forums', 'view', $message_id)) {

to:
if (!$perms->checkModuleItem('forums', 'view', $forum_id)) {

Permission is checked on the forum list, so "$forum_id" have to be used.

Randomly works/not work, because:

e.g. if forum_id: 1,2,3,4 (4x Forum topics are created)

if:
a) message_id: 10 (to pdf viewed) ---> permission check failed
b) message_id: 1,2,3,4 (in same range as forum_id) ---> ok.

Tags

No tags attached.

Attached Files

Relationships

Relationships

Notes
~0002356 sasquatch58 (reporter) 2011-12-17 14:38	Other possibility is to drop the message_id altogether as: $perms = &$AppUI->acl(); $canView = $perms->checkModuleItem($m, 'view'); if (!$canView) { $AppUI->redirect('m=public&a=access_denied'); }

~0002359 caseydk (administrator) 2011-12-22 20:59	Resolved in r2260 as described;

Notes

Date Modified	Username	Field	Change
Issue History
2011-12-17 12:17	project_manager	New Issue
2011-12-17 14:38	sasquatch58	Note Added: 0002356
2011-12-19 23:50	caseydk	Status	new => assigned
2011-12-19 23:50	caseydk	Assigned To	=> caseydk
2011-12-22 20:59	caseydk	Note Added: 0002359
2011-12-22 20:59	caseydk	Status	assigned => resolved
2011-12-22 20:59	caseydk	Resolution	open => fixed
2013-08-28 11:14	caseydk	Fixed in Version	=> 3.0.0
2013-08-28 11:21	caseydk	Status	resolved => closed

Issue History