[Vtigercrm-developers] Security

Alan Bell alan.bell at libertus.co.uk
Tue Sep 30 07:54:42 GMT 2014


On 30/09/14 08:45, Pabiszczak, Błażej wrote:
>
>     You can change any records from pricebook module
>
>
> Please edit pricebook record change manually recordid to other (e.g. 
> some account) and save.
>
I have noticed this one before, or similar, if you are in any entity and 
you change the record in the URL it will load the page but with no 
relevant data on it. In 5.4 series it would say " Record you are trying 
to access is not found.Go Back. <javascript:window.history.back()>" I 
figured it was just loading the wrong entity through the form, does it 
actually get around the security and allow you to update an entity that 
you wouldn't otherwise be able to see/update?

Alan.


-- 
Libertus Solutions
http://libertus.co.uk

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20140930/504d0e8f/attachment.html>


More information about the vtigercrm-developers mailing list