Check permissions and remove user suspension code from admin/users/search.json.php
Bug #771614 reported by
Richard Mansfield
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Mahara |
Fix Released
|
High
|
Richard Mansfield | ||
| 1.2 |
Fix Released
|
High
|
Richard Mansfield | ||
| 1.3 |
Fix Released
|
High
|
Richard Mansfield | ||
Bug Description
At one time, users could be suspended directly from the admin user search page.
The json script which fetches search results still allows suspension of users, and doesn't check institutional admin permission.
CVE References
| visibility: | private → public |
| Changed in mahara: | |
| status: | In Progress → Fix Committed |
| Changed in mahara: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
