
RE: [cobalt-users] Re: MAJOR UNSOLVED BUG IN THE GUI(WEBPANEL) COBALT-550



Absolutely. It's a real pain when every now and then I get a flurry of spam
activity, then have to figure out how they're getting in and close that
up...

Manny

-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Oliver Wendt
Sent: Saturday, June 14, 2003 4:59 AM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: [cobalt-users] Re: MAJOR UNSOLVED BUG IN THE GUI(WEBPANEL)
COBALT-550


 > I believe that you can only view the users, but can't change
 > anything...am I right?
 > Manny

Well, nonetheless complete lists of remote or local subscribers to
mailing lists can be copied.
Opened doors for Spammers, don't you think?

Ollie

 > -----Original Message-----
 > From: Oliver Wendt [mailto:hawkeye@xxxxxxxxxxxx]
 > Sent: Friday, June 13, 2003 7:19 AM
 > To: cobalt-users@xxxxxxxxxxxxxxx
 > Subject: [cobalt-users] Re: MAJOR UNSOLVED BUG IN THE GUI(WEBPANEL)
 > COBALT-550
 >
 >
 > hi there,
 >
 > we just implemented a small check in ServerScriptHelper.php -
 > just like this:
 >
 > $serverScriptHelper = new ServerScriptHelper();
 > $cceClient = $serverScriptHelper->getCceClient();
 > $user = $cceClient->getObject("User", array("name"=>$loginName));
 > $groupnr = $user["site"];
 > if ($loginName != "admin") { // admin may do whatever he's up to
 >     if (isset($group)) { // checking url-parameters
 >         if ($group != $groupnr) { // evil guys change those values
 >             header("Location: http://www.somewhere.org");
 >             exit;
 >         }
 >     }
 > }
 >
 > just give it a try ... it seems to work flawlessly.

_____________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users
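
An added example, not part of the original messages or of Cobalt's code: the ownership check from the quoted snippet written as a pure function in current PHP syntax, denying when the user lookup fails and comparing strictly. The function name, the shape of `$user` on a failed lookup and the sample site names are assumptions.

```php
<?php
// Added example: pure decision function, makes no Cobalt/CCE calls.
// $user   : result of the thread's getObject("User", ...) lookup
//           (assumed to be false or an empty array when nothing is found)
// $params : the request's query parameters, passed in explicitly

function groupAccessAllowed(string $loginName, $user, array $params): bool
{
    if ($loginName === "admin") {
        return true;                  // same admin exemption as the posted check
    }
    if (!is_array($user) || !isset($user["site"]) || $user["site"] === "") {
        return false;                 // lookup failed: deny instead of comparing against nothing
    }
    if (!array_key_exists("group", $params)) {
        return true;                  // no group parameter, nothing to verify (as posted)
    }
    $group = $params["group"];
    if (!is_string($group)) {
        return false;                 // e.g. group[]=x arrives as an array
    }
    return $group === (string) $user["site"];   // strict comparison, no type juggling
}

// Constructed sample requests (logins and site names are made up).
$cases = [
    ["admin", ["site" => ""],      ["group" => "site7"],   true],
    ["alice", ["site" => "site3"], ["group" => "site3"],   true],
    ["alice", ["site" => "site3"], ["group" => "site7"],   false],
    ["alice", ["site" => "site3"], [],                     true],
    ["alice", false,               ["group" => "site7"],   false],
    ["alice", ["site" => "site3"], ["group" => ["site3"]], false],
];
foreach ($cases as [$login, $user, $params, $expected]) {
    $got = groupAccessAllowed($login, $user, $params);
    printf("%-5s group=%-10s => %s%s\n", $login,
        json_encode($params["group"] ?? null),
        $got ? "allow" : "deny",
        $got === $expected ? "" : "  (UNEXPECTED)");
}
```

On a deny result the caller would stop processing the request, for example with the redirect and `exit` used in the quoted snippet.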