Project

General

Profile

Bug #3577

any user can view all users and delete them

Added by Nathalie Blocry over 10 years ago. Updated over 10 years ago.

Status:
Feature implemented
Priority:
Immediate
Assignee:
Nathalie Blocry
Target version:
Start date:
09/06/2011
Due date:
% Done:

0%

Estimated time:
Complexity:
Normal

Description

on STABLE

by simply typing the platform url with core.php?application=user any user gets access to the user browser and can perform almost all actions such as deleting users, creating users, ...
only when the user tries to "edit" or "log in as" the actual rights are checked

History

#1

Updated by Nathalie Blocry over 10 years ago

  • Assignee set to Nathalie Blocry
#2

Updated by Nathalie Blocry over 10 years ago

  • Status changed from New to Needs testing

should be fixed now

#3

Updated by Stefaan Vanbillemont over 10 years ago

  • Target version set to 2.1.0
#4

Updated by Nathalie Blocry over 10 years ago

  • Status changed from Needs testing to Feature implemented

Also available in: Atom PDF