Crucial Security Bug? User switch and edit ?

11 years 11 months ago - 11 years 11 months ago #200977 by pepperstreet
Crucial Security Bug? User switch and edit ? was created by pepperstreet
OMG, I have a really strange bug in my J!1.5 CB1.8 project. Never seen this before:

I am logged in as USER1 ...
go to another profile, of USER2 ...
I see my login module with avatar on the left side.

If I just RELOAD the page...
I do switch to the viewed USER2. The login avatar changes to USER2. And now I AM USER2.
I can edit HIS Profile now!?!?

This happens on any viewed user profile. Any clue?!?


11 years 11 months ago #200990 by nant

pepperstreet wrote: OMG, I have a really strange bug in my J!1.5 CB1.8 project. Never seen this before:

I am logged in as USER1 ...
go to another profile, of USER2 ...
I see my login module with avatar on the left side.

If I just RELOAD the page...
I do switch to the viewed USER2. The login avatar changes to USER2. And now I AM USER2.
I can edit HIS Profile now!?!?

This happens on any viewed user profile. Any clue?!?


I cannot replicate this on my J15 test site - something else is happening on your environment - guessing not CB related.


If you can replicate on a clean install I will take another look (guessing you cannot).


11 years 11 months ago #200995 by TailorMadeSites
Replied by TailorMadeSites on topic Re: Crucial Security Bug? User switch and edit ?
First time I hear of such an issue..
Just tested on my site and I don't have such a "bug".. and it's definitely not a CB bug... this seems like an "unsuccessful" Joomla/CB code customization that you did..


11 years 11 months ago #201013 by krileon
Sounds like a caching issue. Disable all caching and purge existing caching to see if it resolves.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

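As an added illustration of the caching hypothesis raised above (this is constructed example code, not Joomla or Community Builder code, and not something posted in the thread): a page cache keyed only on the URL stores the first rendered copy of a profile page, login box included, and then hands that same copy to every later visitor of the URL. A cache key that also carries the session's user identity keeps each user's copy separate. The `Request`, `render_profile` and `PageCache` names are stand-ins invented for the example.

```python
"""Constructed example: why a URL-only page cache can show USER1 a page that
says "logged in as USER2" after a reload. Not Joomla/CB code; all names here
are invented for illustration."""
from dataclasses import dataclass
from typing import Callable, Hashable


@dataclass(frozen=True)
class Request:
    url: str
    session_user: str  # who the server-side session says is logged in


def render_profile(req: Request, viewed_user: str) -> str:
    # A profile page mixes public content (the viewed profile) with
    # session-specific content (the login module with the viewer's avatar).
    return f"profile={viewed_user};logged_in_as={req.session_user}"


class PageCache:
    """Tiny full-page cache; the key function decides what gets shared."""

    def __init__(self, key_fn: Callable[[Request], Hashable]) -> None:
        self._store: dict[Hashable, str] = {}
        self._key_fn = key_fn

    def get_page(self, req: Request, viewed_user: str) -> str:
        key = self._key_fn(req)
        if key not in self._store:  # cache miss: render for this request
            self._store[key] = render_profile(req, viewed_user)
        return self._store[key]  # cache hit: whoever rendered it first wins


def url_only_key(req: Request) -> Hashable:
    # Weak: ignores who is logged in, so authenticated pages get shared.
    return req.url


def url_and_user_key(req: Request) -> Hashable:
    # Corrected: the logged-in identity is part of the key.
    return (req.url, req.session_user)


def identity_shown_to_user1(key_fn: Callable[[Request], Hashable]) -> str:
    """Replay the thread's scenario and return whose login box USER1 sees."""
    cache = PageCache(key_fn)
    # USER2 viewed their own profile earlier, which populated the cache.
    cache.get_page(Request("/profile/USER2", "USER2"), "USER2")
    # USER1, logged in as USER1, now loads the same URL (the "reload").
    page = cache.get_page(Request("/profile/USER2", "USER1"), "USER2")
    return page.split("logged_in_as=")[1]


def served_to_wrong_user(page: str, req: Request) -> bool:
    """Detection check: does the rendered page claim an identity other than
    the session's? Useful as an assertion in a test environment."""
    return page.split("logged_in_as=")[1] != req.session_user


if __name__ == "__main__":
    print("URL-only cache, USER1 sees:", identity_shown_to_user1(url_only_key))
    print("URL+user cache, USER1 sees:", identity_shown_to_user1(url_and_user_key))
```

The point for a defender is the key function: any cache layer in front of authenticated pages must either include the session identity in its key or skip caching of pages that embed session-specific content; `served_to_wrong_user` is the kind of check that catches the leak early in a test run.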

11 years 11 months ago - 11 years 11 months ago #201038 by pepperstreet
Replied by pepperstreet on topic Re: Crucial Security Bug? User switch and edit ?

krileon wrote: Sounds like a caching issue. Disable all caching and purge existing caching to see if it resolves.


Tried that. No difference.

To answer the previous thoughts and comments:
I have no modified CB or any fancy stuff on this installation. I started from a CB1.2.3 and updated over the last weeks to CB1.8. Additionally I installed all incubator stuff, but most things are not activated or even configured. Currently the profile displays standard stuff like two tabs with personal info; Guestbook, Forum tab. Forum was updated to Kunena 1.7.x
Tried the AjaxCore field feature on the two personal info tabs. Was working fine. Also tried it "disabled".


I have an older copy with CB1.2.3 of the same site, there was no such error.

The big question is: Is it a messed-up Joomla login/session/token thingy issue?!?
And even more important: How to find and surround the culprit? I don't know where to begin...

What parts of Joomla and DB tables are involved in this login/access issue? Can I replace or clean up something WITHOUT re-building the whole site?

Any help is much appreciated.


11 years 11 months ago #201047 by krileon
It's possible you've done something to cause user rows to no longer be in sync. For example you have id 42 in _users and you have user_id 42 in _comprofiler, but for the _comprofiler row you have 48. No idea what to tell you as I have never had this happen. Best approach is to pretty much disable everything 1 by 1 to see if it resolves.

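As an added check for the out-of-sync rows described above (this is constructed example code, not something from the thread or from the Community Builder project): the SQL below lists profile rows whose `id` and `user_id` disagree, users with no profile row, profile rows with no user, and profile rows whose `user_id` points at a user that does not exist. The column names `id`/`user_id` in `_comprofiler` and `id` in `_users` follow the description in the post; the `jos_` table prefix and the `username`/`avatar` columns are assumptions, so substitute your site's prefix and columns when running the queries against MySQL. The example runs the same queries against an in-memory SQLite copy filled with constructed sample rows.

```python
"""Constructed example: consistency checks between the Joomla users table and
the CB profile table. Table prefix 'jos_' and the non-key columns are
assumptions; the queries are plain SQL and can be pasted into a MySQL client
with the prefix adjusted."""
import sqlite3

# Assumed schema: only the id / user_id columns matter for the checks.
SCHEMA = """
CREATE TABLE jos_users (id INTEGER PRIMARY KEY, username TEXT NOT NULL);
CREATE TABLE jos_comprofiler (
    id INTEGER PRIMARY KEY,          -- should equal jos_users.id
    user_id INTEGER NOT NULL,        -- should also equal jos_users.id
    avatar TEXT
);
"""

# Constructed sample data:
#   42 -> healthy pair
#   43 -> profile row whose user_id points at 48 (the mismatch from the post)
#   44 -> user with no profile row
#   50 -> profile row with no matching user
SAMPLE_USERS = [(42, "user42"), (43, "user43"), (44, "user44")]
SAMPLE_PROFILES = [(42, 42, "a42.png"), (43, 48, "a43.png"), (50, 50, None)]

CHECKS = {
    "comprofiler_id_user_id_mismatch":
        "SELECT id, user_id FROM jos_comprofiler WHERE id <> user_id ORDER BY id",
    "users_without_comprofiler":
        "SELECT u.id FROM jos_users u LEFT JOIN jos_comprofiler c ON c.id = u.id "
        "WHERE c.id IS NULL ORDER BY u.id",
    "comprofiler_without_user":
        "SELECT c.id FROM jos_comprofiler c LEFT JOIN jos_users u ON u.id = c.id "
        "WHERE u.id IS NULL ORDER BY c.id",
    "user_id_pointing_at_missing_user":
        "SELECT c.id, c.user_id FROM jos_comprofiler c "
        "LEFT JOIN jos_users u ON u.id = c.user_id WHERE u.id IS NULL ORDER BY c.id",
}


def build_sample_db() -> sqlite3.Connection:
    """In-memory stand-in for the site database, loaded with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO jos_users VALUES (?, ?)", SAMPLE_USERS)
    conn.executemany("INSERT INTO jos_comprofiler VALUES (?, ?, ?)", SAMPLE_PROFILES)
    conn.commit()
    return conn


def run_checks(conn: sqlite3.Connection) -> dict[str, list[tuple]]:
    """Run every check and return the offending rows per check name."""
    return {name: conn.execute(sql).fetchall() for name, sql in CHECKS.items()}


def is_consistent(conn: sqlite3.Connection) -> bool:
    """True only when no check returns a row."""
    return all(len(rows) == 0 for rows in run_checks(conn).values())


if __name__ == "__main__":
    db = build_sample_db()
    for name, rows in run_checks(db).items():
        print(f"{name}: {rows if rows else 'ok'}")
    print("consistent:", is_consistent(db))
```

Any non-empty result is worth investigating before touching other components, since a profile row that resolves to a different user id than the one it belongs to is exactly the kind of state that can make one account's profile appear editable from another.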
