phpdevshell team mailing list archive
Message #01222
[Bug 1117723] [NEW] USER_getGroupsQuery and USER_getRolesQuery give back very wrong results in some cases
*** This bug is a security vulnerability ***
Private security bug reported:
Both methods are written without really taking into account that they
might be called to get information about another user, not the logged
in one.
PHPDS->USER_getRolesQuery() checks $this->user->mergeRoles and abandons
further database checks if that field is not empty. It also writes
information to $this->user->mergeRoles, so the results of the first
user checked by this query will be the only result given back by it in
future calls. And I'm pretty sure $this->user->mergeRoles should return
only the current user's roles.
PHPDS->USER_getGroupsQuery() does exactly the same with $this->user->mergeGroups, and furthermore it gives back the main group more than once (this is because $group_string will contain the main group after checking it for children. $group_main shouldn't be merged with $group_string after this).
Also, $group_array is an array response from a query. It should be extended with $group_array[] = array('user_group_id' => $group_main), not $group_array[$group_main] = array('user_group_id' => $group_main).
To test this just run $this->userGetRoles($userid) or
$this->userGetGroups($userid) for 2 different users.
** Affects: phpdevshell
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of
PHPDevShell, which is subscribed to PHPDevShell.
https://bugs.launchpad.net/bugs/1117723
To manage notifications about this bug go to:
https://bugs.launchpad.net/phpdevshell/+bug/1117723/+subscriptions
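As an added illustration of the two patterns the report describes (this is not PHPDevShell's code; the roles table, the class and the function names are stand-ins constructed for the example), here is a buggy shape of the cached roles lookup next to a corrected one, followed by the $group_array append point:

```php
<?php
declare(strict_types=1);

// Added illustration, not PHPDevShell code. ROLE_TABLE, LoggedInUser and the
// function names below are stand-ins constructed for this example.

// Constructed stand-in for the roles table: user id => role names.
const ROLE_TABLE = [
    1 => ['admin', 'editor'],
    2 => ['guest'],
];

// Stand-in for the logged-in user object whose mergeRoles field the report
// describes being used as a cache that is not keyed by user id.
final class LoggedInUser
{
    public int $user_id = 1;
    public ?array $mergeRoles = null;
}

// Buggy shape described in the report: the first lookup's result is stored on
// the logged-in user and handed back to every later caller, whatever $user_id is.
function rolesBuggy(LoggedInUser $me, int $user_id): array
{
    if (!empty($me->mergeRoles)) {
        return $me->mergeRoles;            // stale result, possibly for another user
    }
    $roles = ROLE_TABLE[$user_id] ?? [];
    $me->mergeRoles = $roles;              // side effect on the logged-in user
    return $roles;
}

// Corrected shape: only the logged-in user's own roles are written to
// mergeRoles; lookups for other users are memoised per user id instead.
function rolesFixed(LoggedInUser $me, int $user_id): array
{
    static $cache = [];
    if ($user_id === $me->user_id && $me->mergeRoles !== null) {
        return $me->mergeRoles;
    }
    if (!isset($cache[$user_id])) {
        $cache[$user_id] = ROLE_TABLE[$user_id] ?? [];
    }
    if ($user_id === $me->user_id) {
        $me->mergeRoles = $cache[$user_id];
    }
    return $cache[$user_id];
}

// Second point in the report: query rows come back as a 0-indexed list, so
// using the group id as the array key can silently overwrite an existing row.
function appendMainGroup(array $group_array, int $group_main, bool $buggy): array
{
    if ($buggy) {
        $group_array[$group_main] = ['user_group_id' => $group_main];
    } else {
        $group_array[] = ['user_group_id' => $group_main];
    }
    return $group_array;
}

$me = new LoggedInUser();
echo "buggy user1: ", implode(',', rolesBuggy($me, 1)), "\n";
echo "buggy user2: ", implode(',', rolesBuggy($me, 2)), "\n";
$me = new LoggedInUser();
echo "fixed user1: ", implode(',', rolesFixed($me, 1)), "\n";
echo "fixed user2: ", implode(',', rolesFixed($me, 2)), "\n";

// Constructed query result: three group rows at list indexes 0, 1 and 2.
$rows = [['user_group_id' => 5], ['user_group_id' => 7], ['user_group_id' => 9]];
$group_main = 2;
$ids = fn(array $a): string => implode(',', array_column($a, 'user_group_id'));
echo "buggy groups: ", $ids(appendMainGroup($rows, $group_main, true)), "\n";
echo "fixed groups: ", $ids(appendMainGroup($rows, $group_main, false)), "\n";
```

Run with `php example.php`. The buggy lookup prints user 1's roles for user 2 because the second call never reaches the table; the fixed version returns `guest`. For the groups, the keyed assignment with `$group_main = 2` lands on list index 2 and drops the row for group 9, while the plain append keeps all three rows and adds the main group once.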
Follow ups
- [Bug 1117723] Re: USER_getGroupsQuery and USER_getRolesQuery give back very wrong results in some cases (From: Greg, 2013-06-09)
- [Bug 1117723] Re: USER_getGroupsQuery and USER_getRolesQuery give back very wrong results in some cases (From: Greg, 2013-06-09)
- [Bug 1117723] Re: USER_getGroupsQuery and USER_getRolesQuery give back very wrong results in some cases (From: Greg, 2013-06-09)
- [Bug 1117723] Re: USER_getGroupsQuery and USER_getRolesQuery give back very wrong results in some cases (From: Greg, 2013-04-29)
- [Bug 1117723] Re: USER_getGroupsQuery and USER_getRolesQuery give back very wrong results in some cases (From: TitanKing, 2013-02-08)
- [Bug 1117723] Re: USER_getGroupsQuery and USER_getRolesQuery give back very wrong results in some cases (From: Smokey, 2013-02-08)
- [Bug 1117723] Re: USER_getGroupsQuery and USER_getRolesQuery give back very wrong results in some cases (From: TitanKing, 2013-02-08)
- [Bug 1117723] Re: USER_getGroupsQuery and USER_getRolesQuery give back very wrong results in some cases (From: Smokey, 2013-02-08)
- [Bug 1117723] Re: USER_getGroupsQuery and USER_getRolesQuery give back very wrong results in some cases (From: Greg, 2013-02-08)
- [Bug 1117723] Re: USER_getGroupsQuery and USER_getRolesQuery give back very wrong results in some cases (From: Greg, 2013-02-07)
- [Bug 1117723] Re: USER_getGroupsQuery and USER_getRolesQuery give back very wrong results in some cases (From: Smokey, 2013-02-07)
- [Bug 1117723] Re: USER_getGroupsQuery and USER_getRolesQuery give back very wrong results in some cases (From: Greg, 2013-02-07)
- [Bug 1117723] Re: USER_getGroupsQuery and USER_getRolesQuery give back very wrong results in some cases (From: TitanKing, 2013-02-07)
- [Bug 1117723] [NEW] USER_getGroupsQuery and USER_getRolesQuery give back very wrong results in some cases (From: Smokey, 2013-02-06)