View Issue Details

IDProjectCategoryView StatusLast Update
15968Bug reportsAuthenticationpublic2020-03-23 13:09
Reporterkarimj Assigned Toc_schmitz  
PrioritynoneSeverityminor 
Status closedResolutionfixed 
Product Version3.22.7 
Summary15968: Deleted user can still access to /admin
Description

As a deleted user i can still access to the /admin url and some forms (without the ability to submit any form so far)
Considering that my account doesn't exists anymore in the LS site database, i should be redirected to the login form.

For example, when i tried to validate the personnal setting form (/admin/user/sa/personalsettings) i got an error message :

500: Internal Server Error
Call to undefined method stdClass::save()

instead of beeing redirected to the authentication form.

TagsNo tags attached.
Complete LimeSurvey version number (& build)3.22.7+200225
I will donate to the project if issue is resolvedNo
Browserfirefox 73.0.1
Database & DB-VersionMariaDB 10.1.37-0+deb9u1
Server OS (if known)Debian 9.8
Webserver software & version (if known)2.4.25-3+deb9u7
PHP Version7.0.33-0+deb9u6

Activities

c_schmitz

c_schmitz

2020-03-17 14:03

administrator   ~56610

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=29715

lime_release_bot

lime_release_bot

2020-03-23 13:09

administrator   ~56731

Fixed in Release 3.22.10+200323

Related Changesets

LimeSurvey: master 064a61d3

2020-03-17 14:03:14

c_schmitz

Details Diff
Fixed issue 15968: Deleted user not being completely logged out Affected Issues
15968
mod - application/controllers/AdminController.php Diff File

Issue History

Date Modified Username Field Change
2020-03-10 11:32 karimj New Issue
2020-03-17 14:03 c_schmitz Changeset attached => LimeSurvey master 064a61d3
2020-03-17 14:03 c_schmitz Note Added: 56610
2020-03-17 14:03 c_schmitz Assigned To => c_schmitz
2020-03-17 14:03 c_schmitz Resolution open => fixed
2020-03-23 13:09 lime_release_bot Note Added: 56731
2020-03-23 13:09 lime_release_bot Status new => closed