Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG  Not logged in ELOG logo
 Back  |  Find  |  Login  |  Help 
icon5.gif   Checking logging before posting, posted by Daniel Campora on Thu Apr 4 17:47:12 2013 
    icon2.gif   Re: Checking logging before posting, posted by Stefan Ritt on Fri Apr 5 10:07:57 2013 
Message ID: 67474     Entry time: Thu Apr 4 17:47:12 2013     Reply to this: 67476
Icon: Question  Author: Daniel Campora  Author Email: dcampora@cern.ch 
Category: Bug report  OS: Linux  ELOG Version: 2.9.2 
Subject: Checking logging before posting 

Hi there,

 

Here's a bit of a special scenario. There's no server-side check the user is logged in upon posting, but it rather seems the server relies on the post data sent from the form.

An example of this can be triggered on a write restricted elog, by hitting on New and logging out in another tab. Then posting, from the first tab, will post as if the user was logged on. Hitting back and posting again also works.

 

Cheers

ELOG V3.1.5-3fb85fa6