Commit b10c047f authored by Per Cederqvist's avatar Per Cederqvist

More bugs entered into Bugzilla.

parent ca96ebe7
......@@ -140,8 +140,7 @@ None!
Leaks number of secret members since they are not completely
deleted from the member list, just zeroed out.
BUGZILLA-MARKER: the bugs below are not yet present in lysBugzilla.
[42]
*** add_member
*** add_member_old
Returns KOM_INVALID_MEMBERSHIP if we attempt to add secret person
......@@ -155,6 +154,7 @@ BUGZILLA-MARKER: the bugs below are not yet present in lysBugzilla.
possible to find all persons who are secret members of a
conference.
[43]
*** sub_member
No access check on conference or person before attempting to
locate membership. As a result we can find out if a conference
......@@ -163,11 +163,13 @@ BUGZILLA-MARKER: the bugs below are not yet present in lysBugzilla.
access checks right after getting the conf_c and pers_p from the
database. The final if statement is also suspect.
[44]
*** set_unread
*** set_last_read
No access check on conference before attempting to locate
membership. This means we can locate all secret conferences.
[45]
*** set_permitted_submitters
*** set_supervisor
*** set_super_conf
......@@ -175,16 +177,20 @@ BUGZILLA-MARKER: the bugs below are not yet present in lysBugzilla.
before access check on conference being changed. We can use this
to map out all secret conferences.
[46]
*** set_conf_type
No access check on conference before examining conference type.
Use this to map out all secret conferences.
[47] (Invalid: see http://bugzilla.lysator.liu.se/show_bug.cgi?id=47)
*** unmark_text
No access check on the text. This is done in do_unmark_text, but
is is not immediately obvious why it works (although it does.)
Should add an explicit search for the mark before doing anything
else. Maybe.
BUGZILLA-MARKER: the bugs below are not yet present in lysBugzilla.
*** mark_as_read
No access check on conf before attempting to locate membership. We
can use this to map out all secret conferences.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment