cpg 1.43 album permission bug? cpg 1.43 album permission bug?
 

News:

CPG Release 1.6.27
change DB IP storage fields to accommodate IPv6 addresses
remove use of E_STRICT (PHP 8.4 deprecated)
update README to reflect new website
align code with new .com CPG website
correct deprecation in captcha

Main Menu

cpg 1.43 album permission bug?

Started by hobby, February 13, 2006, 07:10:58 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

hobby

February 13, 2006, 07:10:58 PM Last Edit: February 13, 2006, 08:13:44 PM by GauGau
hello, i am using cpg 1.43 and got the following major problem:

the album "party" is passwort protected and another album (secret) contains pics which shall only be viewable by users of the group "secret" i.e....

so...when a guest now typing the correct passwort for the party album, hey is able to view not only the party pics, he also can be look at the secret-album pictures...

another example:

when a user normal registerd user logs in, he also can view the pics of the secret ablum, instead he isnt member of the group "secret"...

anyone else with the same major security problems???

some help of anyone would be great, because its really a problem...or is it a bug maybe???

thx and cu

:)

-hobby

Joachim Müller

#1
February 13, 2006, 07:59:59 PM
hard to say without a link and a non-admin test user account... ;)

hobby

#2
February 13, 2006, 08:10:37 PM
hm...maybe i schould inform you, that it was a 1.3 version, which i upgraded to version 1.43... and: yes, i run the update.php...but i wont work.

now, anyway, i removed it to replace it completly with 1.43...

this works fine.

but thx anyway :))
Print
Go Up Pages1
User actions