Bug #9541
closedNon-admin user with admin rights is given the wrong URL for the user manager
100%
Description
In 2.4.4p3 a user with admin rights that is not the admin user is given when opening the user manager:
https://x.x.x.x/system_usermanager_passwordmg.php
The admin user is given the correct url:
https://x.x.x.x/system_usermanager.php
This does not happen in 2.4.4p2
Files
Updated by Andy Kniveton over 5 years ago
Also get https://x.x.x.x/system_usermanager_passwordmg.php when you use FreeRadius for the user auth.
Updated by Jim Pingle over 5 years ago
- Status changed from New to In Progress
- Assignee set to Jim Pingle
Looks like it's due to an instance of an incorrect usage of a wildcard when attempting to patch the page. The new stricter matching code doesn't allow that, and it is not necessary in this case.
Updated by Jim Pingle over 5 years ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Applied in changeset cf529cbe33ae53f3f95b37a227da141b97465f20.
Updated by Anonymous over 5 years ago
- Status changed from Feedback to Resolved
On 20190725-0909, unable to reproduce the bad behavior.
Updated by Jim Pingle about 5 years ago
- Category changed from Web Interface to User Manager / Privileges
Updated by Jim Pingle almost 5 years ago
- Target version changed from 2.5.0 to 2.4.5
Updated by Jim Pingle almost 5 years ago
- Status changed from Resolved to Feedback
Needs checked and/or tested again on 2.4.5 snapshots
Updated by Jim Pingle almost 5 years ago
- Status changed from Feedback to Resolved
Works as expected on 2.4.5.a.20191218.2354
Updated by Michael Alden over 3 years ago
Testing this on 2.5.0-RELEASE, it looks like the bug is either still present or there's been a regression—screen capture attached.
This patch still works as expected, https://github.com/pfsense/pfsense/commit/b9ed452dbba4689e6280efa7f503e30809a3d8e4
Updated by Jim Pingle over 3 years ago
The code in 2.5.0 is the same as the post-patch code there. Perhaps you accidentally reverted that patch after being on the release?
https://github.com/pfsense/pfsense/blob/RELENG_2_5_0/src/usr/local/www/head.inc#L259