Check permissions and remove user suspension code from admin/users/search.json.php

Bug #771614 reported by Richard Mansfield on 2011-04-27
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
High
Richard Mansfield
1.2
High
Richard Mansfield
1.3
High
Richard Mansfield

Bug Description

At one time, users could be suspended directly from the admin user search page.

The json script which fetches search results still allows suspension of users, and doesn't check institutional admin permission.

CVE References

visibility: private → public
Changed in mahara:
status: In Progress → Fix Committed
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers