VirtueMart Forum

VirtueMart 2 + 3 + 4 => Virtuemart Development and bug reports => Development & Testing => Topic started by: t.vdmeulen on July 02, 2014, 08:50:35 AM

Title: Bug (fix) in user edit permission check
Post by: t.vdmeulen on July 02, 2014, 08:50:35 AM
Dear VirtueMart development team,

We have found a bug in VM 2.9.6.

administrator/components/com_virtuemart/tables/userinfos.php: 103
The check to see if a user is admin misses an exclamation mark.

Old: $user->authorise('core.admin','com_virtuemart')
New: !$user->authorise('core.admin','com_virtuemart')

So if a user is not an admin, check to see if the user IDs match so the user can be updated, and otherwise report it as a "hacking attempt".
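
The following is an added example, not part of the original post and not VirtueMart's code: a small regression matrix that runs the "Old" and "New" conditions over every admin/owner combination so an inverted check shows up immediately. `StubUser`, `mayEditFixed`, `mayEditOld`, the surrounding control flow and the sample IDs are assumptions for illustration; only the `authorise('core.admin','com_virtuemart')` condition comes from the post (requires PHP 8.0 or later).

```php
<?php
// Hypothetical stand-in for the user object; only authorise() and id are modelled.
final class StubUser
{
    public function __construct(public int $id, private bool $isAdmin) {}

    public function authorise(string $action, string $asset): bool
    {
        return $this->isAdmin && $action === 'core.admin' && $asset === 'com_virtuemart';
    }
}

// "New" condition: a non-admin may only update their own record.
function mayEditFixed(StubUser $user, int $targetUserId): bool
{
    if (!$user->authorise('core.admin', 'com_virtuemart')) {
        return $user->id === $targetUserId; // mismatch => "hacking attempt"
    }
    return true;
}

// "Old" condition: the same branch with the exclamation mark missing.
function mayEditOld(StubUser $user, int $targetUserId): bool
{
    if ($user->authorise('core.admin', 'com_virtuemart')) {
        return $user->id === $targetUserId;
    }
    return true;
}

// Constructed test matrix: [label, acting user, target user id, expected decision].
$admin   = new StubUser(1, true);
$shopper = new StubUser(42, false);
$cases = [
    ['admin edits own record',     $admin,   1,  true],
    ['admin edits other record',   $admin,   42, true],
    ['shopper edits own record',   $shopper, 42, true],
    ['shopper edits other record', $shopper, 1,  false],
];

// Print ok/WRONG per case so a flipped condition is visible at a glance.
foreach (['mayEditFixed', 'mayEditOld'] as $check) {
    foreach ($cases as [$label, $user, $target, $expected]) {
        $verdict = $check($user, $target) === $expected ? 'ok' : 'WRONG';
        printf("%-12s %-28s %s\n", $check, $label, $verdict);
    }
}
```

The two "edits other record" rows are the ones that separate the conditions, which is why an authorization test should always cover the cross-user cases for both roles.
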
Title: Re: Bug (fix) in user edit permission check
Post by: Milbo on July 02, 2014, 13:14:41 PM
Thanks, was already fixed (don't know how long ago).
Time to upload the new version.