[Vtigercrm-developers] Be aware of this one!
Alan Lord
alanslists at gmail.com
Fri Jan 29 13:15:42 GMT 2016
Note this bug report by Nilay earlier today:
http://code.vtiger.com/vtiger/vtigercrm/issues/90
Essentially any user can edit their Preferences and if you put it into
Edit View, _you_ can change your username... You can change it to anything.
Create a non-admin user.
Login as this user.
Go to your preferences page.
Click Edit.
Change your username to "admin". ;-)
This will stop the admin, or you, from being able to login.
...
The fix? Change the user_name field's displaytype to "2" in the
vtiger_field table.
More information about the vtigercrm-developers
mailing list