[Vtigercrm-developers] Security
Alan Bell
alan.bell at libertus.co.uk
Tue Sep 30 07:54:42 GMT 2014
On 30/09/14 08:45, Pabiszczak, Błażej wrote:
>
> You can change any records from the pricebook module
>
>
> Please edit a pricebook record, manually change the recordid to another
> (e.g. some account) and save.
>
I have noticed this one before, or similar: if you are in any entity and
you change the record in the URL, it will load the page but with no
relevant data on it. In the 5.4 series it would say "Record you are trying
to access is not found.Go Back. <javascript:window.history.back()>" I
figured it was just loading the wrong entity through the form. Does it
actually get around the security and allow you to update an entity that
you wouldn't otherwise be able to see/update?
Alan.
--
Libertus Solutions
http://libertus.co.uk