Bug #371
Security - Admins can change their own/others groups
| Status: | Resolved | Start: | 09/26/2008 | |
| Priority: | Urgent | Due date: | ||
| Assigned to: | Jannik Hartung | % Done: | 100% |
|
| Category: | Web Panel | |||
| Target version: | 1.3.1 | |||
Description
removed
thanks for report!
fixing this now!
Associated revisions
- Improved use of the archives!!
- Fixed
#371- Admins can change their own/others groups! - Fixed
#372- Admins with List Servers can access Server RCON page, but can't send rcon commands - Fixed
#373- Admins with List Mods can edit mods - Fixed some ugly errormessages
- Added
#246- Custom ban reasons in dropdown menu - Fixed
#354- unify comment-add-link on submission and protest pages - Enabled Kickit by default
- If player was found with Kickit server is shown in ban details
History
Updated by Max Krivanek 101 days ago
I'd like to make sure it gets pointed out that they can do the same with Individual Permissions/Servers/Details. Cause if they edit themselves to that extent they can obviously gain the Owner permission.
Updated by Jannik Hartung 100 days ago
- Subject changed from Security - Admins can change their own/others groups if they have "List Admin" permission. to Security - Admins can change their own/others groups
- Status changed from New to Assigned
- Assigned to set to Jannik Hartung
- Target version set to 1.3.1
ouch, thanks for report!
next time PM one of us in irc or forum!
dont want people to use this exploit;)
Updated by Jannik Hartung 100 days ago
- Status changed from Assigned to Resolved
- % Done changed from 0 to 100