Feeling Lucky
?
[#17839] - Fix allowedit for field, only use component ACL if field ID is zero (new record)
- Fixed in Code Base
- 25 Sep 2017
- Medium
- Build: staging
- # 17839
- Diff
- ggppdk:patch-41
User tests: Successful: Unsuccessful:
Same fix as fix that had been applied here in the past to the article controller :
This is minor security issue,
if user than has "edit" on fields component, is denied editing configuration of a specific field ,
then user will still be able to edit the field's configuration
Summary of Changes
Testing Instructions
Expected result
Actual result
Documentation Changes Required
joomla-cms-bot
- | Category | ⇒ | Administration com_fields |
| Status | New | ⇒ | Pending |
Sieger66
- comment
- 12 Sep 2017
I have tested this item
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/17839.
| Status | Pending | ⇒ | Ready to Commit |
franz-wohlkoenig
- comment
- 12 Sep 2017
RTC after two successful tests.
mbabker
- | Status | Ready to Commit | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2017-09-25 11:42:23 |
| Closed_By | ⇒ | mbabker | |
| Labels |
Added:
?
|
||
I have tested this item✅ successfully on b2167f5
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/17839.