OpenNTF.org - domBulletin
domBulletinOpenDocument[/projects/pmt.nsf/ProjectView?ReadForm&Query=]

My Links (Not logged in)
User Name Password
Hosted by Prominic.NET

   Project: domBulletin (Managed by Steve Duncan, Michael Bourak)
Actions:
RSS  


Hide details for The bugThe bug
Bug ID: NOSS-6SJK78
Description
Submitted by:Brian W Wiggins
Project Master Chef:Steve Duncan
Michael Bourak
Bug type:Security
Brief Description:User can subscribe to unauthorized categories
Severity:Medium
Version1.2
Status:

Details
If you restrict category visibility to certain users or groups it works as designed. However any default user can edit their profile and if the newsletter option is enabled all categories will display whether or not they have access and they can subscribe to them. This means the user can receive notices for categories they don't have access to because the newsletter agent just looks at the categories in the user profile and not if they have access.


Action taken
Status:Submitted
Implemented in Release:
Fix Details:
Modification history
Entered 10-Aug-2006 9:38 by Brian W Wiggins. Last Modified <none> by <none>.

Feedback

Hide details for User can subscribe to unauthorized ... ( on 08/10/2006 09:38:44 AM )User can subscribe to unauthorized ... ( on 08/10/2006 09:38:44 AM )
. . sorry duplicate post (Brian W Wiggins... on 08/10/2006 09:40:37 AM )
Check out other projects