| Anonymous | Login | Signup for a new account | 2010-02-09 14:56 EST |
| Main | My View | View Issues | Change Log | Roadmap | Docs |
| Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||
| 0000726 | [Geeklog] Bugs | minor | always | 2008-09-02 21:00 | 2008-09-04 14:59 | ||
| Reporter | Ted Powell | View Status | public | ||||
| Assigned To | THEMike | ||||||
| Priority | high | Resolution | fixed | ||||
| Status | resolved | Product Version | 1.5.0 | ||||
| Summary | 0000726: Problem underlying bug 0000667 not fully addressed | ||||||
| Description |
Line 680 of public_html/admin/moderation.php will only process a delete/approve moderation submission if the form contains a field 'mode' with value 'moderation' _and_ a field acceptable to SEC_checkToken. There are three routines in this file which generate forms with mode=moderation, namely itemlist, draftlist, and userlist. In 1.5.0, only itemlist generates this field (at line 316). userlist was fixed in CVS 1.123, but draftlist was not. With the provided fix, approving a draft story correctly turns off the 'draft' flag. In a previous attempt at reporting this I tried to upload a unified diff with the fix, but was told that the file type (file(1) says it's "ASCII English text", MIME says it's "text/plain") was not allowed for upload. When I used the Back button, as instructed, bug_report_page.php gave me a blank form. This time I will try pasting the diff into Additional Information. |
||||||
| Additional Information |
--- public_html/admin/moderation.php-orig 2008-05-23 14:12:55.000000000 -0700 +++ public_html/admin/moderation.php 2008-09-02 15:02:26.000000000 -0700 @@ -216,12 +216,12 @@ if (SEC_hasRights('story.edit')) { if ($_CONF['listdraftstories'] == 1) { - $retval .= draftlist (); + $retval .= draftlist ($token); } } if ($_CONF['usersubmission'] == 1) { if (SEC_hasRights ('user.edit') && SEC_hasRights ('user.delete')) { - $retval .= userlist (); + $retval .= userlist ($token); } } @@ -336,7 +336,7 @@ * password is sent out immediately. * */ -function userlist () +function userlist ($token) { global $_CONF, $_TABLES, $LANG29, $LANG_ADMIN; @@ -376,6 +376,7 @@ $form_arr = array("bottom" => '', "top" => ''); if ($nrows > 0) { $form_arr['bottom'] = '<input type="hidden" name="type" value="user"' . XHTML . '>' . LB + . '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $token . '"'. XHTML . '>' . LB . '<input type="hidden" name="mode" value="moderation"' . XHTML . '>' . LB . '<input type="hidden" name="count" value="' . $nrows . '"' . XHTML . '>' . '<p align="center"><input type="submit" value="' @@ -398,7 +399,7 @@ * thus publish the story. * */ -function draftlist () +function draftlist ($token) { global $_CONF, $_TABLES, $LANG24, $LANG29, $LANG_ADMIN; @@ -437,6 +438,7 @@ $form_arr = array("bottom" => '', "top" => ''); if ($nrows > 0) { $form_arr['bottom'] = '<input type="hidden" name="type" value="draft"' . XHTML . '>' . LB + . '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $token . '"'. XHTML . '>' . LB . '<input type="hidden" name="mode" value="moderation"' . XHTML . '>' . LB . '<input type="hidden" name="count" value="' . $nrows . '"' . XHTML . '>' . '<p align="center"><input type="submit" value="' |
||||||
| Tags | No tags attached. | ||||||
| Target | Next Release | ||||||
| Attached Files | |||||||
|
|
|||||||
 Relationships |
|||||||||||
|
|||||||||||
|
Notes |
|
 (0000305)THEMike (developer) 2008-09-04 14:56 |
User issue already fixed. About to commit drafts item. |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2008-09-02 21:00 | Ted Powell | New Issue | |
| 2008-09-02 21:09 | Ted Powell | Issue Monitored: Ted Powell | |
| 2008-09-03 01:59 | THEMike | Relationship added | has duplicate 0000725 |
| 2008-09-03 02:00 | THEMike | Relationship added | related to 0000667 |
| 2008-09-03 03:22 | dhaun | Target | => Next Release |
| 2008-09-03 03:22 | dhaun | Status | new => feedback |
| 2008-09-04 14:56 | THEMike | Note Added: 0000305 | |
| 2008-09-04 14:59 | THEMike | Assigned To | => THEMike |
| 2008-09-04 14:59 | THEMike | Priority | normal => high |
| 2008-09-04 14:59 | THEMike | Status | feedback => resolved |
| 2008-09-04 14:59 | THEMike | Resolution | open => fixed |
| 2008-09-04 14:59 | THEMike | Projection | none => minor fix |
| 2008-09-04 14:59 | THEMike | ETA | none => < 1 day |
| 2008-09-04 14:59 | THEMike | Fixed in Version | => 1.5.1 |
| Copyright © 2000 - 2009 Mantis Group Hosted by pair.com |  |
