Author Topic: Bug (fix) in user edit permission check  (Read 1000 times)

t.vdmeulen

  • Contributing Developer
  • Beginner
  • *
  • Posts: 7
Bug (fix) in user edit permission check
« on: July 02, 2014, 08:50:35 am »
Dear virtuemart development team,

We have found a bug in VM 2.9.6.

administrator/components/com_virtuemart/tables/userinfos.php: 103
The check to see if a user is admin misses an exclamation mark.

Old:
Code: [Select]
$user->authorise('core.admin','com_virtuemart')New:
Code: [Select]
!$user->authorise('core.admin','com_virtuemart')
So if a user is not an admin check to see if the user id's matches so the user can be updated and otherwise report as "hacking attempt"

Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 10040
  • VM3.2 Cached and Optimized
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
Re: Bug (fix) in user edit permission check
« Reply #1 on: July 02, 2014, 13:14:41 pm »
Thanks, was already fixed ( dont know how long ago)
time to upload the new version.
I should fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/