external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 09:43:03 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix account privilege escalation vulnerability

Browse source 
A check is only done to verify a Trusted User isn't promoting their
account. An attacker can send tampered account type POST data to
change their "User" level account to a "Developer" account.

Add check so that all users cannot increase their own account
permissions.

Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
canyonknight 2012-11-29 16:54:30 -05:00 committed by Lukas Fleischer
parent 87fe4701cd
commit ec332bb7e6
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
web/lib/acctfuncs.inc.php
View file

@ -145,8 +145,8 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
$error = __("The PGP key fingerprint is invalid."); $error = __("The PGP key fingerprint is invalid.");
} }
if ($UTYPE == "Trusted User" && $T == 3) { if (($UTYPE == "User" && $T > 1) || ($UTYPE == "Trusted User" && $T > 2)) {
$error = __("A Trusted User cannot assign Developer status."); $error = __("Cannot increase account permissions.");
} }
if (!$error && !array_key_exists($L, $SUPPORTED_LANGS)) { if (!$error && !array_key_exists($L, $SUPPORTED_LANGS)) {
$error = __("Language is not currently supported."); $error = __("Language is not currently supported.");