Incorrect permission check to delete freetags from objects in
- Status
- Closed
- Subject
- Incorrect permission check to delete freetags from objects in
- Version
- 18.x
- Category
- Error
- Less than 30-minutes fix
- Feature
- Modules
Tags - Resolution status
- Fixed or Solved
- Submitted by
- Rick Sapir / Tiki for Smarties
- Volunteered to solve
- Rick Sapir / Tiki for Smarties
- Lastmod by
- Rick Sapir / Tiki for Smarties
- Rating
- Description
When using the Freetag module, users must have tiki_p_admin permission to remove a tag from an object. This is incorrect, it should require tiki_p_unassign_freetags permission.
Line 9 of the freetag_list.tpl file should be changed from:
{if isset($deleteTag) and $tiki_p_admin eq 'y'} ...
to
{if isset($deleteTag) and $tiki_p_unassign_freetags eq 'y'} ...
- Solution
- Fixed in TRUNK with 65770. Backported to 18.x
- Importance
- 6
- Easy to solve?
- 10 easy
- Priority
- 60
- Demonstrate Bug on Tiki 19+
-
This bug has been demonstrated on show2.tiki.org
Please demonstrate your bug on show2.tiki.org
Accessing the Tiki instance that demonstrates this bugThe URL for the show2.tiki.org instance that demonstrates this bug is at: http://ricks-6399-6567.show2.tiki.org. Note that if you get a popup asking for a username/password, please just enter "show" and "show". This is different from the initial login and password for a new Tiki which is "admin" and "admin".
For the install log, see http://ricks-6399-6567.show2.tiki.org/info.txt
Note that if you see PHP errors or a Tiki claiming to be missing third party software, the instance creation is probably not finished. Please wait a couple minutes and reload.
SnapshotsSnapshots are database dumps of the configuration that developers can download for debugging. Once you have reproduced your bug on the show2.tiki.org instance, create a snapshot that can then be downloaded by developers for further investigation.
Snapshots can be accessed at: http://ricks-6399-6567.show2.tiki.org/snapshots/. Note that if you get a popup asking for a username/password, please just enter "show" and "show".
Create new snapshot - Demonstrate Bug (older Tiki versions)
-
This bug has been demonstrated on show.tikiwiki.org
Please demonstrate your bug on show.tikiwiki.org
Show.tiki.org is currently unavailableUnable to connect to show.tikiwiki.org. Please let us know of the problem so that we can do something about it. Thanks.
- Ticket ID
- 6567
- Created
- Friday 09 February, 2018 18:13:17 UTC
by Rick Sapir / Tiki for Smarties - LastModif
- Sunday 25 March, 2018 12:45:47 UTC