Mahara

Check permissions and remove user suspension code from admin/users/search.json.php

Bug #771614 reported by Richard Mansfield on 2011-04-27

258

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Mahara	Fix Released	High	Richard Mansfield	Mahara 1.4.0
1.2	Fix Released	High	Richard Mansfield	Mahara 1.2.9
1.3	Fix Released	High	Richard Mansfield	Mahara 1.3.6

At one time, users could be suspended directly from the admin user search page.

The json script which fetches search results still allows suspension of users, and doesn't check institutional admin permission.

Revision history for this message

Richard Mansfield (richard-mansfield) wrote on 2011-04-27:

Revision history for this message

Richard Mansfield (richard-mansfield) wrote on 2011-04-27:

Revision history for this message

Richard Mansfield (richard-mansfield) wrote on 2011-04-27:

François Marier (fmarier) on 2011-05-10

visibility:

private → public

Richard Mansfield (richard-mansfield) on 2011-05-10

Changed in mahara:
status:	In Progress → Fix Committed

François Marier (fmarier) on 2011-06-14

Changed in mahara:
status:	Fix Committed → Fix Released

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Bug watches keep track of this bug in other bug trackers.