Bug #9541: Non-admin user with admin rights is given the wrong URL for the user manager - pfSense - pfSense bugtracker

Actions

Bug #9541

closed

Non-admin user with admin rights is given the wrong URL for the user manager

Added by Steve Wheeler over 5 years ago. Updated over 3 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Category:

User Manager / Privileges

Target version:

Start date:

05/21/2019

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

2.4.x

Affected Architecture:

All

Description

In 2.4.4p3 a user with admin rights that is not the admin user is given when opening the user manager:
https://x.x.x.x/system_usermanager_passwordmg.php

The admin user is given the correct url:
https://x.x.x.x/system_usermanager.php

This does not happen in 2.4.4p2

Files

pfSense User Manager Bug.png (76.1 KB) pfSense User Manager Bug.png

Michael Alden, 02/22/2021 02:11 PM

Actions

#1

Updated by Andy Kniveton over 5 years ago

Also get https://x.x.x.x/system_usermanager_passwordmg.php when you use FreeRadius for the user auth.

Actions

#2

Updated by Jim Pingle over 5 years ago

Status changed from New to In Progress
Assignee set to Jim Pingle

Looks like it's due to an instance of an incorrect usage of a wildcard when attempting to patch the page. The new stricter matching code doesn't allow that, and it is not necessary in this case.

Actions

#3

Updated by Jim Pingle over 5 years ago

Status changed from In Progress to Feedback
% Done changed from 0 to 100

Applied in changeset cf529cbe33ae53f3f95b37a227da141b97465f20.

Actions

#4

Updated by Anonymous over 5 years ago

Status changed from Feedback to Resolved

On 20190725-0909, unable to reproduce the bad behavior.

Actions

#5

Updated by Jim Pingle over 5 years ago

Category changed from Web Interface to User Manager / Privileges

Actions

#6

Updated by Jim Pingle almost 5 years ago

Target version changed from 2.5.0 to 2.4.5

Actions

#7

Updated by Jim Pingle almost 5 years ago

Status changed from Resolved to Feedback

Needs checked and/or tested again on 2.4.5 snapshots

Actions

#8

Updated by Jim Pingle almost 5 years ago

Status changed from Feedback to Resolved

Works as expected on 2.4.5.a.20191218.2354

Actions

#9

Updated by Michael Alden over 3 years ago

File pfSense User Manager Bug.png pfSense User Manager Bug.png added

Testing this on 2.5.0-RELEASE, it looks like the bug is either still present or there's been a regression—screen capture attached.

This patch still works as expected, https://github.com/pfsense/pfsense/commit/b9ed452dbba4689e6280efa7f503e30809a3d8e4

Actions

#10

Updated by Jim Pingle over 3 years ago

The code in 2.5.0 is the same as the post-patch code there. Perhaps you accidentally reverted that patch after being on the release?

https://github.com/pfsense/pfsense/blob/RELENG_2_5_0/src/usr/local/www/head.inc#L259

Actions

Also available in: Atom PDF