[Vtigercrm-developers] Security Patch - User Password Change broken?
Alan Lord
alanslists at gmail.com
Thu Apr 4 12:23:43 UTC 2013
Anyone got any ideas?
I've just copied the cusotmer's system onto our dev platform and tried
to log the password change event that is causing the error. The only
thing in the log is:
FATAL index - SECURITY:Non-Admin user:2406 attempted to change user role
I am *not* trying to change the role.
I am logged in as normal user and am just trying to change my password.
The error is from modules/Users/Save.php and it looks like this check
was added in the recent makeover...
http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/13848/vtigercrm/branches/5.4.0/modules/Users/Save.php
Any ideas as to why I am seeing this?
Thanks
Al
On 03/04/13 15:06, Alan Lord wrote:
> Can someone test something for me?
>
> I've just installed the "Security Patch" on a new system for a customer
> after upgrading from 5.2.1 to 5.4.0.
>
> As admin we can create users and change passwords etc.
>
> But when we log in as a normal user and try to change our password we
> get the following error on the screen:
>
> "SECURITY: Non-Admin user attempted to change user role"
>
> I was only trying to change my password.
>
> Is anyone else seeing this effect?
>
> Thanks
>
> Al
More information about the vtigercrm-developers
mailing list