Backend user without rights can make templates inactive
Posted: Thu Aug 23, 2007 11:49 am
If a user without rights is in the admin area, and has edit rights for one page or something, The template for that page is shown. If the user clicks on the template a message appears that there are no rights for editing that template, but after pressing the back to menu button the user gets to the templates lists where he/she can change the default template and make templates (in)active.
With less words:
admin/listtemplates.php is not protected with rights
I think this counts as a small security leak which is not very likely to give trouble since the user must have a login, but should be reported.
With less words:
admin/listtemplates.php is not protected with rights
I think this counts as a small security leak which is not very likely to give trouble since the user must have a login, but should be reported.