phpBB Gallery - Bug tracker

Permissions incorrect (support request)

 

Please see topic viewtopic.php?f=101&t=3893

Guests have permissions that are not granted to them, even to albums where they have no access at all.

In the table `phpbb_gallery_users` the fields 'all user_permissions' and 'user_permissions_changed' are all the same for all users. This causes a security risk as a guest can delete all pictures.

Comments

Posted by nickvergessen » Sat Apr 21, 2012 12:55 pm

permissions_changed is just a timestamp which tells you when the permissions were modified the last time.

Posted by wlh1950 » Sat Apr 21, 2012 7:51 pm

You're right. Do you have a solution for the permissions problem?

Posted by nickvergessen » Sun Apr 22, 2012 4:19 pm

I can not reproduce the problem here. you might try to delete all data from phpbb_gallery_roles and phpbb_gallery_permissions, and clear all permission caches with:
Code: Select all
UPDATE phpbb_gallery_users SET user_permissions = '' AND user_permissions_changed = DATE()


Afterwards you need to create the permissions in ACP > MODs > phpBB Gallery > Permissions >
again.

Posted by wlh1950 » Sun Apr 22, 2012 6:03 pm

Thank just, just empty those two tables?

BTW, I made a donation (few weeks back), thank you for your work!

Ticket details

  • Ticket ID: 960
  • Project: Bug tracker
  • Status: Support request
  • Affected version: 1.1.5
  • Fix version: (unknown)
  • Assigned to: (unassigned)
  • Reported by: wlh1950
  • Reporter's tickets: List all tickets
  • Reported on: Sat Apr 21, 2012 8:30 am

Options

 

 


Powered by phpBB® Forum Software © phpBB Group
Time : 0.088s | 17 Queries | GZIP : Off