ClearOS Bug Tracker


ID: 0002209
Project: ClearOS
Category: app-base - Base System
View Status: public
Date Submitted: 2015-02-20 07:15
Last Update: 2015-08-13 08:29
Reporter: dloper
Assigned To:
Priority: low
Severity: trivial
Reproducibility: always
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product Version: 6.6.0
Target Version: 6.7.0 Beta 1
Fixed in Version:
Summary: 0002209: Improper redirect in app-base session.php
Description: Non-root admins are redirected to an improper 'you cannot view this page' due to an invalid redirect.
Steps To Reproduce: file is contained in app-base
Additional Information:
--- /usr/clearos/apps/base/controllers/session.php 2015-02-03 10:09:04.000000000 -0500
+++ /root/support/.common/normal/usr/clearos/apps/base/controllers/session.php 2014-09-05 13:07:10.226334795 -0400
@@ -236,7 +236,7 @@
                         $username = $this->input->post('clearos_username');
                         $valid_pages = $this->access_control->get_valid_pages($username);
                         if (preg_match('/^\/base\//', $post_redirect)
- && (in_array('dashboard', $valid_pages) || ($username === 'root'))
+ && (in_array('/app/dashboard', $valid_pages) || ($username === 'root'))
                             && clearos_app_installed('dashboard')
                         ) {
                             redirect('/dashboard');
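Review bot: On the changed line the dashboard ACL entry is matched as the hard-coded literal '/app/dashboard', while the same condition checks clearos_app_installed('dashboard') and then calls redirect('/dashboard'), so three spellings of one app sit within five lines and the removed line shows how easily the wrong one gets used. Add a comment stating the entry format that get_valid_pages() returns (the fix implies entries of the form /app/<name>), or build the value from one shared constant, and pass true as the third argument to in_array() so the comparison is strict. The 'root' bypass and the valid-pages lookup both key off $username taken from the clearos_username POST field on the first context line; the hunk does not show that login has already succeeded at this point, which is worth confirming. Two smaller points: the changed line has lost its indentation relative to the neighbouring && clause, and the +++ side is a path under /root/support/ rather than the shipped tree, so the paths need normalizing before the patch can be applied.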
Tags: No tags attached.

Notes
(0001377)
user2
2015-02-24 13:55

This was resolved in ClearOS 7, but it should be backported.

Issue History
Date Modified | Username | Field | Change
2015-02-20 07:15 | dloper | New Issue |
2015-02-23 20:12 | user2 | Status | new => confirmed
2015-02-24 13:55 | user2 | Note Added: 0001377 |
2015-05-20 18:24 | user2 | Target Version | 6.6.0 Updates => 6.7.0 Beta 1
2015-08-10 17:27 | user2 | Category | app-dashboard - Dashboard => app-base - Base System
2015-08-12 14:17 | user2 | Status | confirmed => resolved
2015-08-12 14:17 | user2 | Resolution | open => fixed
2015-08-12 14:17 | user2 | Assigned To | => user2
2015-08-13 08:29 | user2 | Status | resolved => closed
2015-08-13 08:29 | user2 | Assigned To | user2 =>