If a user without rights is in the admin area, and has edit rights for one page or something, The template for that page is shown. If the user clicks on the template a message appears that there are no rights for editing that template, but after pressing the back to menu button the user gets to the templates lists where he/she can change the default template and make templates (in)active.
With less words:
admin/listtemplates.php is not protected with rights
I think this counts as a small security leak which is not very likely to give trouble since the user must have a login, but should be reported.
Backend user without rights can make templates inactive
A place to discuss the testing process in beta cycles or against SVN for the CMS Made Simple CORE package.
Return to “[locked] Quality Assurance”
Jump to
- Official Boards
- ↳ README FIRST!!!
- ↳ Announcements
- ↳ General Discussion
- Support Boards
- ↳ CMSMS Core
- ↳ Modules/Add-Ons
- ↳ Help Wanted (commercial)
- ↳ Translations
- Community Boards
- ↳ Tips and Tricks
- ↳ CMS Show Off
- ↳ Layout and Design (CSS & HTML)
- ↳ Feature ideas
- ↳ Developers Discussion
- ↳ The Lounge
- International Discussions
- ↳ Czech/Slovak - Česky/Slovensky
- ↳ Danish - Dansk
- ↳ Dutch - Nederlands
- ↳ Aankondigingen
- ↳ Tips en Trucs
- ↳ Vertalingen & Documentatie
- ↳ Hulp gezocht (commercieel)
- ↳ Finnish - Suomi
- ↳ French - Français
- ↳ German - Deutsch
- ↳ BITTE ZUERST LESEN !!!
- ↳ Ankündigungen
- ↳ Installation und Einstellungen
- ↳ Module und Tags
- ↳ Smarty-Tipps und -Tricks
- ↳ Layout und Design
- ↳ Suchmaschinenoptimierung (SEO)
- ↳ HowTo's
- ↳ Übersetzungen
- ↳ Show Off
- ↳ Hilfe gesucht (kommerziell)
- ↳ Stammtisch
- ↳ Hungarian - Magyar
- ↳ Italian - Italiano
- ↳ Moduli/Plugins
- ↳ Lithuanian - Lietuviškai
- ↳ Darbo / bendradarbiavimo pasiūlymai ir paieška
- ↳ Persian / Farsi
- ↳ Polish - Polski
- ↳ Portuguese - Português
- ↳ Russian - русский
- ↳ Предложения и поиск РАБОТЫ
- ↳ Spanish - Español
- ↳ Swedish - Svenska
- Geekmoot Editions
- ↳ Geekmoot 2016
- ↳ Connections and Conversations
- ↳ Geekmoot 2015
- ↳ Geek Moot 2012
- ↳ Locked: Geek Moot 2010
- Old Forums
- ↳ [locked] CMSMS 2.0 Beta
- ↳ Module Developers
- ↳ Closed Issues
- ↳ [locked] Documentation0ld
- ↳ Suggestions, Modifications & Corrections
- ↳ [locked] CMSMS 1.11 Beta
- ↳ Closed Issues
- ↳ [locked] CMSMS 1.10 Beta
- ↳ Closed Issues
- ↳ [locked] CMSMS 2.2 Beta
- ↳ [locked] CMSMS MLE fork
- ↳ Modules/Addon patchs
- ↳ [locked] Quality Assurance
- ↳ [locked] Accessability and Usability
- ↳ [locked] Documentation
- ↳ Media and presentations about CMSMS
- ↳ [locked] Installation, Setup and Upgrade
