In-Portal Issue Tracker

Welcome to the In-Portal Open Source CMS Issue Tracker! This is a central management / tracking tool for all types of tasks / issues / bugs for the In-Portal Project. Before reporting any issues, please make sure to read the Guide into Issue Tracker and How to Properly Test and Report Bugs!

Viewing Issue Advanced Details Jump to Notes ] Wiki ] View Simple ] Issue History ] Print ]
ID Category Type Reproducibility Date Submitted Last Update
0000025 [In-Portal CMS] Security bug report always 2009-05-20 14:50 2009-10-03 07:56
Reporter alex View Status public Project Name In-Portal CMS
Assigned To alex Developer
Priority normal Resolution fixed Platform
Status closed   OS
  OS Version
ETA none Fixed in Version 5.0.0 Product Version 4.3.9
  Target Version 5.0.0 Product Build
Time EstimateNo estimate
Summary 0000025: Non-root user can't use copy/cut/paste buttons in catalog.
Description For 5.0.0 release permission checking for category items and categories was changed. Now all events in temp tables are allowed, but other events (specified in event handler) are checked by individual logic.

Problem is, that OnCut, OnCopy, OnPaste, OnPasteClipboard events are not specified at all and that's why are denied for execution in any circumstances.

What permissions should be checked:
OnCut - delete right in category, where cut button was pressed.
OnCopy - no permission required, because it doesn't change data.
OnPaste, OnPasteClipboard - add right for category, where paste is performed.
Steps To Reproduce
Additional Information
Tags No tags attached.
Reference
Change Log Message
Estimate Points 0
Attached Files

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
User avatar (0000015)
alex (manager)
2009-05-27 03:04

Fix committed to RC branch. Commit Message:\n\n 1. Method "kDBEventHandler::StoreSelectedIDs" wasn't returning IDs, given using $direct_ids parameter.
2. Fixes 0000025: Non-root user can't use copy/cut/paste buttons in catalog.
3. Fixed "category status propagate" feature. Now it copies category StatusField value to all it's children. Before it was coping "Status" field value to all it's children, not "StatusField" field value, specified in unit config.
User avatar (0000609)
administrator (administrator)
2009-10-03 07:56

Closing issues from 5.0.0 version, because version was already released.

- Related Changesets
In-Portal CMS: RC r11821
Timestamp: 2009-05-27 03:04:24
Author: alex
Details ] Diff ]
1. Method "kDBEventHandler::StoreSelectedIDs" wasn't returning IDs, given using $direct_ids parameter.
2. Fixes 0000025: Non-root user can't use copy/cut/paste buttons in catalog.
3. Fixed "category status propagate" feature. Now it copies category StatusField value to all it's children. Before it was coping "Status" field value to all it's children, not "StatusField" field value, specified in unit config.
mod - /in-portal/branches/RC/core/kernel/db/db_event_handler.php Diff ] File ]
mod - /in-portal/branches/RC/core/units/categories/categories_event_handler.php Diff ] File ]
mod - /in-portal/branches/RC/core/units/general/cat_event_handler.php Diff ] File ]

- Issue History
Date Modified Username Field Change
2009-10-03 07:56 administrator Note Added: 0000609
2009-10-03 07:56 administrator Status resolved => closed
2009-10-03 07:39 administrator Type @80@ => bug report
2009-06-03 05:41 alex Fixed in Version 5.0.1 => 5.0.0
2009-06-03 05:40 alex Fixed in Version => 5.0.1
2009-05-27 03:04 alex Note Added: 0000015
2009-05-27 03:04 alex Status reviewed and tested => resolved
2009-05-27 03:04 alex Resolution open => fixed
2009-05-27 03:04 alex Changeset attached RC r11821
2009-05-25 15:35 Dmitry version 5.0.0 => 4.3.9
2009-05-20 14:51 alex Status active => reviewed and tested
2009-05-20 14:51 alex Assigned To => alex
2009-05-20 14:51 alex Target Version => 5.0.0
2009-05-20 14:50 alex New Issue



Web Development by Intechnic
In-Portal Open Source CMS
In-Portal Open Source CMS
Copyright © 2000 - 2009 MantisBT Group

Powered by Mantis Bugtracker