Actions
Bug #73797
closed
Security bug: You can really change the user (not just SU) in TYPO3 Backend
Status:
Closed
Priority:
Must have
Assignee:
-
Category:
-
Target version:
-
Start date:
2016-03-01
Due date:
% Done:
100%
Estimated time:
TYPO3 Version:
7
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:
Description
Hi there,
I found a mysterious behaviour in the TYPO3 backend.
Way to reproduce the error:- TYPO3 Login as admin "a1" (your account)
- Switch user (su) to a second admin "a2"
- Switch user (su as "a2") to a third user "a3"
- Leave the SU mode from "a3" back to "a2"
No you are "a2"! You are not in the su mode anymore.
So you can not switch back to "a1", which is your account.
Possible solution:
Maybe the SU buttons should be disabled if you are already in the su mode.
Updated by Gerrit Code Review over 8 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/46981
Updated by Gerrit Code Review over 8 years ago
Patch set 1 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/46983
Updated by Markus Hölzle over 8 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset bcfd22fc0b7129b9b260f35cde8cbf6fa1f49171.
Updated by
Actions