Bug (fix) in user edit permission check

Started by t.vdmeulen, July 02, 2014, 08:50:35 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

t.vdmeulen

July 02, 2014, 08:50:35 AM
Dear virtuemart development team,

We have found a bug in VM 2.9.6.

administrator/components/com_virtuemart/tables/userinfos.php: 103
The check to see if a user is admin misses an exclamation mark.

Old:
Code Select
$user->authorise('core.admin','com_virtuemart')
New:
Code Select
!$user->authorise('core.admin','com_virtuemart')

So if a user is not an admin check to see if the user id's matches so the user can be updated and otherwise report as "hacking attempt"

Milbo

#1
July 02, 2014, 13:14:41 PM
Thanks, was already fixed ( dont know how long ago)
time to upload the new version.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/
Print
Go Up Pages1
User actions