
Security BUG (forward404Unless)


by null » Sat Aug 12, 2006 5:25 pm

Hello,

Create an account and create a new snippet.

Change the URL to http://www.symfony-project.com/snippets/snippet/edit/id/72 or
http://www.symfony-project.com/snippets/snippet/edit/id/1

and I have access to change the snippet of another user...

  public function executeEdit()
  {
    if ($this->getRequestParameter('id'))
    {
      $this->snippet = SnippetSnippetPeer::retrieveByPk($this->getRequestParameter('id'));
      $this->forward404Unless($this->snippet || $this->getUser()->getUserId() != $this->snippet->getSnippetUser()->getId());
    }
    else
    {
      $this->snippet = new SnippetSnippet();
    }
  }


And another...
http://www.symfony-project.com/snippets/snippet/edit/id/1000

I get a blank page. Probably PHP error like 'Fatal error: Call to a member function getSnippetUser() on a non-object'
null
Member
 
Posts: 51
Joined: Mon Jan 23, 2006 7:18 pm
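The following is an added example, not code from the symfony snippets application or from the poster. It models the decision made by the posted executeEdit() as plain PHP functions so the posted condition can be run next to a corrected one. SnippetUser, Snippet, retrieveByPk() and forward404Unless() are assumed stand-ins for the Propel and symfony names in the post; the snippet table is constructed, and the catch of Error assumes PHP 7 or later (on PHP 5 the same case ends in the fatal error the poster describes).

```php
<?php
// Added example (not the symfony snippets code): the check from executeEdit()
// in the post, modelled as plain functions so the posted condition and a
// corrected one can be compared. Class and function names are stand-ins.

class SnippetUser
{
    private $id;
    public function __construct($id) { $this->id = $id; }
    public function getId() { return $this->id; }
}

class Snippet
{
    private $owner;
    public function __construct(SnippetUser $owner) { $this->owner = $owner; }
    public function getSnippetUser() { return $this->owner; }
}

// Constructed stand-in for SnippetSnippetPeer::retrieveByPk(): snippet id => owner id.
function retrieveByPk($id)
{
    $owners = [1 => 10, 72 => 11];
    return isset($owners[$id]) ? new Snippet(new SnippetUser($owners[$id])) : null;
}

// Stand-in for sfAction::forward404Unless(): a falsy condition becomes a 404.
function forward404Unless($condition)
{
    if (!$condition) {
        throw new RuntimeException('404');
    }
}

// The check exactly as posted. For any existing snippet the left operand is
// truthy, so "||" never reaches the owner comparison and the edit is allowed
// regardless of who owns the snippet. For a missing id the left operand is
// null, the right side dereferences null, and PHP raises an Error (PHP 7+)
// or a fatal error (PHP 5) instead of a clean 404.
function postedCheck($id, $currentUserId)
{
    $snippet = retrieveByPk($id);
    forward404Unless($snippet || $currentUserId != $snippet->getSnippetUser()->getId());
}

// Corrected check: the snippet must exist AND belong to the current user.
// "&&" also short-circuits before the owner lookup when the snippet is null.
function correctedCheck($id, $currentUserId)
{
    $snippet = retrieveByPk($id);
    forward404Unless($snippet && $currentUserId == $snippet->getSnippetUser()->getId());
}

// Runs a check and reports what the user would see.
function outcome(callable $check, $id, $currentUserId)
{
    try {
        $check($id, $currentUserId);
        return 'edit allowed';
    } catch (RuntimeException $e) {
        return '404';
    } catch (Error $e) {
        return 'PHP Error: ' . $e->getMessage();
    }
}

// Constructed cases: user 10 edits their own snippet, another user's, and a
// nonexistent id (the three URLs discussed in the post).
$cases = [
    ['own snippet',    1,    10],
    ['other user\'s',  72,   10],
    ['nonexistent id', 1000, 10],
];
foreach ($cases as list($label, $id, $user)) {
    printf("%-16s posted: %-55s corrected: %s\n",
        $label, outcome('postedCheck', $id, $user), outcome('correctedCheck', $id, $user));
}
```

Run with `php` on the command line: the posted condition allows the edit of snippet 72 although user 10 does not own it, and raises "Call to a member function getSnippetUser() on null" for id 1000; the corrected condition returns a 404 in both of those cases and allows only the user's own snippet. In the real action the fix is the same change to the forward404Unless() line: `$this->snippet && $this->getUser()->getUserId() == $this->snippet->getSnippetUser()->getId()`.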

Re: Security BUG (forward404Unless)

by im_simpleboy » Mon Aug 14, 2006 7:31 am

Yes, you are right, null! It is a dangerous bug, I guess! Thanks to us that we don't have any intention to harm Symfony. If it had been a product of Microsoft, I can't say what would have happened to the snippets. Have you informed Francois or Fabien by email?
im_simpleboy
Member
 
Posts: 87
Joined: Wed Jun 07, 2006 11:57 am
Location: Nepal

Re: Security BUG (forward404Unless)

by null » Mon Aug 14, 2006 2:33 pm

Hi.

I have opened a new ticket at:

http://trac.snipeet.com/trac/ticket/4
null
Member
 
Posts: 51
Joined: Mon Jan 23, 2006 7:18 pm