[#2776] - Fix default value for the parameter guest_usergroup for com_user in joomla.sql
- Closed
- 30 Jan 2014
- Medium
- Build: staging
- # 2776
- Diff
- SergeyLitvinov:patch-1
- Success The Travis CI build passed Details
User tests: Successful: Unsuccessful:
Fix default value for the parameter guest_usergroup. This fix could be treated as security fix - if site has wrong value for the guest usergroup (13) and site already has the usergroup with such ID with administrator permissions - all of them would be administrators.
Can you check the PostgreSQL and SQL Server joomla.sql files as well and correct there if needed?
Oh, in Joomla 3.1.5 the PostgreSQL file contains correct value (9) but in Joomla 3.2.1 - incorrect (13). Regarding SQL Server file - same story - 3.1.5 doesn't contain default value but Joomla 3.2.1 contains incorrect - 13. Is there any way to attach more changes for this pull request or I neeed make new one?
@SergeyLitvinov Just update your branch https://github.com/SergeyLitvinov/joomla-cms/tree/patch-1 and it will automatically update this PR
| Labels |
Added:
?
|
||
The problem is probably coming from the fact that the sample data (sample_learn and sample_testing) have the guest usergroup as 13 for some unknown reason.
I'm probably the guilty one who caused it in cleaning up a lot of SQL related stuff over the last few months. Theoretically, the sample data should be based off joomla.sql (I know that's the case for sample_data.sql and sample_blog.sql (once that PR is merged) for MySQL), so who knows.
But sql/mysql/sample_testing.sql contains update of com_users parameters in line 822. The same story with sample_learn.sql. I've checked these files for PostgreSQL and SQL Server too. So all looks ok.
@Bakual I saw this but as I wrote before in this file parameters of com_users are updated in line https://github.com/joomla/joomla-cms/blob/staging/installation/sql/mysql/sample_testing.sql#L832
And this update contains appropriate (for usergroups defined in this file) usergroup ID - 13
Ah true. Still stupid to have different numbers for the same group. But it's for another time I think 
Please folks, comment on tracker if your tests are fine to get this into 3.2.2
http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=33079&start=0
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2014-01-30 22:26:46 |
| Labels |
Added:
?
|
||
This pull request is related to the issue #2755 (Joomlacode Tracker item: http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=33079&start=0)