?
avatar Wakinya
Wakinya
29 Sep 2014

Front end editing fails in Joomla 3.3.4 upgraded from 3.3.3

I have 2 sites in Joomla 3.3.4 upgraded from 3.3.3

Both have issues with front end editing in both 3.3.3 and 3.3.4

  1. live site - disallows front end login by super admin and says:" Error You are not authorised to view this resource." It shows the "edit icon" . When I click it takes me to back end Module Manager: Module Custom HTML> Image Custom -HTML page.

This is weird.

Could this work as an exploit vulnerability??

PHP Built On
Linux
Database Version
5.5.37-cll
Database Collation
utf8_general_ci
PHP Version
5.4.32
Web Server
LiteSpeed
WebServer to PHP Interface
litespeed
Joomla! Version
Joomla! 3.3.4 Stable [ Ember ] 23-September-2014 14:00 GMT
Joomla! Platform Version
Joomla Platform 13.1.0 Stable [ Curiosity ] 24-Apr-2013 00:00 GMT
User Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:32.0) Gecko/20100101 Firefox/32.0

and;

  1. site in dev on local server.

Allows text editor but the "save" button is a dead link and fails. "Cancel" button works ok.

Setting
Value
PHP Built On
Darwin local
Database Version
5.5.38
Database Collation
utf8_general_ci
PHP Version
5.5.14
Web Server
Apache/2.2.26 (Unix) mod_fastcgi/2.4.6 mod_wsgi/3.4 Python/2.7.6 PHP/5.5.14 mod_ssl/2.2.26 OpenSSL/0.9.8y DAV/2 mod_perl/2.0.8 Perl/v5.18.2
WebServer to PHP Interface
apache2handler
Joomla! Version
Joomla! 3.3.4 Stable [ Ember ] 23-September-2014 14:00 GMT
Joomla! Platform Version
Joomla Platform 13.1.0 Stable [ Curiosity ] 24-Apr-2013 00:00 GMT
User Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:32.0) Gecko/20100101 Firefox/32.0

I did not alter permissions on either.

Back end editing works of course or I would not have been able to develop.

  1. I loaded a new untouched 3.3.4 live but these issues did not present. Front end editing appears to work ok.

Both using using Protostar Template.

Not sure if it is a bug or I'm missing something?

Votes

# of Users Experiencing Issue
1/1
Average Importance Score
5.00

avatar Wakinya Wakinya - open - 29 Sep 2014
avatar zero-24
zero-24 - comment - 29 Sep 2014

hi,

@Wakinya this could be a side affect by the ACL Bug in 3.3.4 please test this Fix: #4331

avatar zero-24
zero-24 - comment - 29 Sep 2014

@Wakinya i cant reproduce this using a clean 3.3.4 (upgrade from 3.3.3) Maybe a bug in some other issues here?

disallows front end login by super admin and says:" Error You are not authorised to view this resource."

Please check the login redirect on the login module / login site (module or menu itm)

It shows the "edit icon" . When I click it takes me to back end Module Manager: Module Custom HTML> Image Custom -HTML page.

This is expected a feature to do this in the Frontend will come with 3.4

Could this work as an exploit vulnerability??

No you can do this only if you login with an authorized user. And if you only logged in in FE you need also login into the Backend.

@Wakinya please check here. (The missing buttons in the Backend will fixed with 3.3.5 or #4331)

avatar vdespa vdespa - change - 2 Oct 2014
Status New Closed - Unconfirmed Report
avatar jissues-bot
jissues-bot - comment - 2 Oct 2014

Set to "closed" on behalf of @vdespa by The JTracker Application at issues.joomla.org/joomla-cms/4389

avatar jissues-bot jissues-bot - close - 2 Oct 2014
avatar zero-24 zero-24 - close - 2 Oct 2014
avatar jissues-bot jissues-bot - change - 2 Oct 2014
Closed_Date 0000-00-00 00:00:00 2014-10-02 15:53:36
avatar Wakinya
Wakinya - comment - 14 Oct 2014

Thank you.

This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/4389.

avatar zero-24 zero-24 - change - 7 Jul 2015
Labels Added: ?

Add a Comment

Login with GitHub to post a comment