[Freeipa-devel] [PATCH] fix self-service uid change
Rob Crittenden
rcritten at redhat.com
Tue Apr 22 15:52:25 UTC 2008
I try to do some sanity checks to be sure that the user we're changing
is the one that was pulled up to edit to prevent injection attacks. In
this case I was using the wrong uid field to be sure that in the case of
a self-service edit the user doing the editing is the user logged in.
The uid wasn't matching it was being rejected, but that is of course the
point because comparison.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-3-changeuid.patch
Type: text/x-patch
Size: 1280 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20080422/f6739b34/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20080422/f6739b34/attachment-0001.bin>
More information about the Freeipa-devel
mailing list