MantisBT: master-1.1.x 3fc6ef8d

Diff Back to Repository
Author Committer Branch Timestamp Parent
dhx master-1.1.x 2009-06-28 07:42 master-1.1.x d6cffa48
Affected Issues  0010264: Can't successfully add and log on new accounts
Changeset

Fix 0010264: any user could reset prefs for others

This is a backport of f004926674c3fb64402e7606fa204c4adb235093.

There were no access checks done when resetting the preferences on an
account. Thus it was possible for any logged in user (including
anonymous users, if enabled) to reset the preferences for any Mantis
user.
mod - account_prefs_reset.php Diff File