OFBiz › OFBiz - Dev

[jira] Created: (OFBIZ-1717) main screens are visible w/o authentication

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

5 messages Options

Nicolas Malin (Jira)

[jira] Created: (OFBIZ-1717) main screens are visible w/o authentication

main screens are visible w/o authentication
-------------------------------------------

Key: OFBIZ-1717
URL: https://issues.apache.org/jira/browse/OFBIZ-1717
Project: OFBiz
Issue Type: Bug
Components: ALL COMPONENTS
Affects Versions: SVN trunk
Reporter: Bilgin Ibryam
Fix For: SVN trunk

Go to the login screen of a component (not webtools).
Instead of entering the username and password, change the language or time zone.
After you choose the language the request goes to the main view and you can see the main screen w/o any authentication.

Changing the responses to main request instead of main view fixes the bug.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Nicolas Malin (Jira)

[jira] Updated: (OFBIZ-1717) main screens are visible w/o authentication

[ https://issues.apache.org/jira/browse/OFBIZ-1717?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bilgin Ibryam updated OFBIZ-1717:
---------------------------------

Attachment: 1717.patch

> main screens are visible w/o authentication
> -------------------------------------------
>
> Key: OFBIZ-1717
> URL: https://issues.apache.org/jira/browse/OFBIZ-1717
> Project: OFBiz
> Issue Type: Bug
> Components: ALL COMPONENTS
> Affects Versions: SVN trunk
> Reporter: Bilgin Ibryam
> Fix For: SVN trunk
>
> Attachments: 1717.patch
>
>
> Go to the login screen of a component (not webtools).
> Instead of entering the username and password, change the language or time zone.
> After you choose the language the request goes to the main view and you can see the main screen w/o any authentication.
> Changing the responses to main request instead of main view fixes the bug.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Nicolas Malin (Jira)

[jira] Commented: (OFBIZ-1717) main screens are visible w/o authentication

In reply to this post by Nicolas Malin (Jira)

[ https://issues.apache.org/jira/browse/OFBIZ-1717?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12581444#action_12581444 ]

David E. Jones commented on OFBIZ-1717:
---------------------------------------

This is a good catch Bilgin. The previous code circumvented the security stuff, which is no good at all!

This fix looks like the proper way to go about it.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Nicolas Malin (Jira)

[jira] Assigned: (OFBIZ-1717) main screens are visible w/o authentication

In reply to this post by Nicolas Malin (Jira)

[ https://issues.apache.org/jira/browse/OFBIZ-1717?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacopo Cappellato reassigned OFBIZ-1717:
----------------------------------------

Assignee: Jacopo Cappellato

> main screens are visible w/o authentication
> -------------------------------------------
>
> Key: OFBIZ-1717
> URL: https://issues.apache.org/jira/browse/OFBIZ-1717
> Project: OFBiz
> Issue Type: Bug
> Components: ALL COMPONENTS
> Affects Versions: SVN trunk
> Reporter: Bilgin Ibryam
> Assignee: Jacopo Cappellato
> Fix For: SVN trunk
>
> Attachments: 1717.patch
>
>
> Go to the login screen of a component (not webtools).
> Instead of entering the username and password, change the language or time zone.
> After you choose the language the request goes to the main view and you can see the main screen w/o any authentication.
> Changing the responses to main request instead of main view fixes the bug.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Nicolas Malin (Jira)

[jira] Closed: (OFBIZ-1717) main screens are visible w/o authentication

In reply to this post by Nicolas Malin (Jira)

[ https://issues.apache.org/jira/browse/OFBIZ-1717?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacopo Cappellato closed OFBIZ-1717.
------------------------------------

Resolution: Fixed

Thanks Bilgin, your patch is in svn.

> main screens are visible w/o authentication
> -------------------------------------------
>
> Key: OFBIZ-1717
> URL: https://issues.apache.org/jira/browse/OFBIZ-1717
> Project: OFBiz
> Issue Type: Bug
> Components: ALL COMPONENTS
> Affects Versions: SVN trunk
> Reporter: Bilgin Ibryam
> Assignee: Jacopo Cappellato
> Fix For: SVN trunk
>
> Attachments: 1717.patch
>
>
> Go to the login screen of a component (not webtools).
> Instead of entering the username and password, change the language or time zone.
> After you choose the language the request goes to the main view and you can see the main screen w/o any authentication.
> Changing the responses to main request instead of main view fixes the bug.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.