system_authservers.php: Descriptive name can be changed by removing read-only property via inspect element
- Go to System -> User Mgmt -> Authentication Servers
- Edit an existing entry
- Open source code of the webpage in the browser's dev-tools and manipulate the value of the first field "Descriptive name"
- Click save
Descriptive name should not change
Descriptive name is changed to whatever was entered in the source code view
Updated by Jim Pingle over 2 years ago
- Subject changed from System -> User Mgmt -> Authentication Servers: read-only field may be manipulated to system_authservers.php: Descriptive name can be changed by removing read-only property via inspect element
- Category set to User Manager / Privileges
- Assignee set to Jim Pingle
- Priority changed from Low to Very Low
- Target version set to 2.5.0
We can fix this, but it's not really what I'd consider a bug. We disable the field so the user can't do that easily and break places that have the server selected. There is only so much we can do to prevent a user from shooting their feet in places like this.
Updated by Alex Z over 2 years ago
I only figured this out because an auto-fill addon of the browser filled in that particular field, so yes I dont consider this critical as well..
I would recommend not to send the value of that field when the save button is pressed to prevent it beeing modified.