[cobalt-users] Re: MAJOR UNSOLVED BUG IN THE GUI(WEBPANEL) COBALT-550
- Subject: [cobalt-users] Re: MAJOR UNSOLVED BUG IN THE GUI(WEBPANEL) COBALT-550
- From: Oliver Wendt <hawkeye@xxxxxxxxxxxx>
- Date: Fri Jun 13 07:23:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> MAJOR UNSOLVED BUG IN THE GUI(WEBPANEL) COBALT-550
>
> I sent a radiance to SUN two months ago and Sun engineers haven't solved
> this problem.
>
> I think that problem now is known by many people but it is not solved
>
> If you are an adminsite you can access all the adminsite accounts of the
> server, you only have to change the url variable.
> I'm going to give you an example:
>
> I'm the adminsite of domain.com, I access the GUI SITE ADMIN and the url that
> I have in the browser is:
>
> https://www.domain.net:81/nav/cList.php?root=sitemanageRoot&group=site13&hostname=www.domain.net&goto=base_userList

hi there,
we just implemented a small check in ServerScriptHelper.php - just like this:

    $serverScriptHelper = new ServerScriptHelper();
    $cceClient = $serverScriptHelper->getCceClient();
    $user = $cceClient->getObject("User", array("name"=>$loginName));
    $groupnr = $user["site"];
    if ($loginName != "admin") { // admin may do whatever he's up to
        if (isset($group)) { // checking url-parameters
            if ($group != $groupnr) { // evil guys change those values
                header("Location: http://www.somewhere.org");
                exit;
            }
        }
    }

just give it a try ... it seems to work flawlessly.
enjoy the weekend,
ollie
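
The rule from the message above (the `group` URL parameter must match the `site` stored for the logged-in user, unless the user is `admin`), written as a standalone function and run over constructed requests. This is an added example, not part of the original post and not Cobalt's code; the function name, the sample users and the query strings are assumptions, and it uses current PHP syntax rather than that of the Cobalt GUI.

```php
<?php
declare(strict_types=1);

/**
 * Decide whether a request may act on the site group named in its query string.
 * $userSite is the "site" value read server-side from the user's record;
 * $query is the parsed query string (what $_GET would hold).
 */
function groupRequestAllowed(string $loginName, ?string $userSite, array $query): bool
{
    if ($loginName === 'admin') {
        return true;                  // same exemption as the posted check
    }
    if (!array_key_exists('group', $query)) {
        return true;                  // no group in the URL: nothing to compare
    }
    $group = $query['group'];
    // "group[]=x" arrives as an array; accept only a plain string, and
    // refuse when the user record has no site to compare against.
    if (!is_string($group) || $userSite === null || $userSite === '') {
        return false;
    }
    return $group === $userSite;      // strict comparison, no type juggling
}

// Constructed sample data: user records keyed by login name.
$users = [
    'alice' => ['name' => 'alice', 'site' => 'site13'],
    'bob'   => ['name' => 'bob',   'site' => 'site7'],
    'admin' => ['name' => 'admin', 'site' => ''],
];

// Constructed requests: [login name, query string].
$requests = [
    ['alice', 'root=sitemanageRoot&group=site13&goto=base_userList'], // own site
    ['alice', 'root=sitemanageRoot&group=site7&goto=base_userList'],  // other site
    ['alice', 'root=sitemanageRoot&group[]=site13'],                  // array value
    ['bob',   'root=sitemanageRoot'],                                 // no group
    ['admin', 'root=sitemanageRoot&group=site7'],                     // admin
];

foreach ($requests as [$login, $qs]) {
    parse_str($qs, $query);
    $site = $users[$login]['site'] ?? null;
    $ok   = groupRequestAllowed($login, $site, $query);
    printf("%-5s %-52s %s\n", $login, $qs, $ok ? 'allow' : 'deny');
}
```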