[pmwiki-users] Bug report for UserAuth2

Olle Bergkvist ollebe at student.chalmers.se
Tue Nov 11 19:08:46 CST 2008


Hello users, hello ThomasP, I found a pretty silly bug in the latest
UserAuth2. File is cookbook/userauth2/userauth1-admintool.php, line is 545
and onwards.

Original: ---------
  // admin_action == 'deluser' or == 'delgroup'

  if (isset($reqVars['tool_confirm'])) {
    if (!isValidPermHolderString($tool_username, $groupaction) ||
        !doesPermHolderExist($tool_username, $groupaction, false))
      PrintAdminToolPageAndExit( $pagename,
        ($groupaction ? $GroupNotExistsFmt : $UserNotExistsFmt)
      );
-----------------

In the line "if (isset($reqVars['tool_confirm'])) {" it is not enough to
check that $reqVars['tool_confirm'] is set. It could be set, but set to
"No". That's why the user/group is deleted even though I click "No, I don't
want to delete". The string must equal "Yes".

Something like this:--------
  // admin_action == 'deluser' or == 'delgroup'

// ollebe - check so that the answer is YES
  if (isset($reqVars['tool_confirm']) && $reqVars['tool_confirm']=="Yes") {
    if (!isValidPermHolderString($tool_username, $groupaction) ||
        !doesPermHolderExist($tool_username, $groupaction, false))
      PrintAdminToolPageAndExit( $pagename,
        ($groupaction ? $GroupNotExistsFmt : $UserNotExistsFmt)
      );
--------------------------

Thanks for UserAuth2 btw, for the most part it's great! And also, PLEASE
read in your inbox the security-related emails I sent you from this email
address, I think it's rather important.

//Olle Bergkvist
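
Added example (not part of the original post and not UserAuth2 code): the presence check and the value check from the message above, run side by side over constructed requests. The helper names and sample requests are hypothetical; only $reqVars, 'tool_confirm' and 'deluser' come from the post. It assumes PHP 7 or later.

```php
<?php
// Added example, not UserAuth2 code. Helper names and sample requests are
// hypothetical; $reqVars and 'tool_confirm' are the names used in the post.

// The original check: any submitted value counts as confirmation,
// so the "No" button confirms the deletion as well.
function confirmedByPresence(array $reqVars): bool
{
    return isset($reqVars['tool_confirm']);
}

// The suggested check: only the literal string "Yes" confirms.
// === is used instead of the post's == to avoid PHP type juggling
// (for example, boolean true == "Yes" evaluates to true).
function confirmedByValue(array $reqVars): bool
{
    return isset($reqVars['tool_confirm'])
        && $reqVars['tool_confirm'] === 'Yes';
}

// Constructed request variables, one per way the confirmation form
// can come back to the admin tool.
$samples = [
    'clicked Yes'     => ['admin_action' => 'deluser', 'tool_confirm' => 'Yes'],
    'clicked No'      => ['admin_action' => 'deluser', 'tool_confirm' => 'No'],
    'no button field' => ['admin_action' => 'deluser'],
    'lowercase yes'   => ['admin_action' => 'deluser', 'tool_confirm' => 'yes'],
];

foreach ($samples as $label => $reqVars) {
    printf(
        "%-16s presence-check=%-7s value-check=%s\n",
        $label,
        confirmedByPresence($reqVars) ? 'DELETE' : 'keep',
        confirmedByValue($reqVars) ? 'DELETE' : 'keep'
    );
}
```

The two checks disagree on the 'clicked No' and 'lowercase yes' rows: the presence check deletes in both, the value check deletes in neither.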




