Not Authorized error if params field missing

ndee
OFFLINE
Posts: 25
Thanks: 5
Karma: 19

12 years 7 months ago - 12 years 7 months ago #198038 by ndee

Not Authorized error if params field missing was created by ndee

Hi,

this nasty bug took many hours because I first thought it is a CBSubs permission problem/bug. After that I checked database tables, users tables, permissions tables, ...

Long story short:
If the PARAMS field is on a UNPUBLISHED TAB you get "Not Auhtorized" when editing/saving profiles in backend even with Super Users.

The params field itself is protected and can't be unpublished - for a good reason. BUT if you move the params field to a non published tab this check is worthless.

If the params field is missing the following check gets triggered and fails in
administrator/components/comprofiler/controller/controller.user.php (line 117)

Code:

CANT POST CODE HERE BECAUSE SERVER IS REJECTING IT
Method Not Implemented

POST to /forum/post not supported.
Apache Server at www.joomlapolis.com Port 80

If above mentions params field is missing on the backend view the required vars "approved" and "confirmed" are missing and the check fails.

A possible solution would be to add those params regardless if the params field is on a tab or not.

Tested and able to reproduce with CB 1.8 and CB 1.7.1

CB 1.8.0
Joomla 2.5.4

###################
SPEED UP HELP, read first: Help us help you
###################

Last edit: 12 years 7 months ago by ndee.

The following user(s) said Thank You: citydan, rcastll

Please Log in or Create an account to join the conversation.

beat
ONLINE
Posts: 2169
Thanks: 463
Karma: 352

12 years 7 months ago #198286 by beat

Replied by beat on topic Re: Not Authorized error if params field missing

Thanks for having analyzed and reported this issue.

I have added a forge tracker bug item here for CB to reproduce and fix for CB 1.8.1:
forge.joomlapolis.com/issues/3459

Beat - Community Builder Team Member

Before posting on forums: Read FAQ thoroughly -- Help us spend more time coding by helping others in this forum, many thanks

CB links: Our membership - CBSubs - Templates - Hosting - Forge - Send me a Private Message (PM) only for private/confidential info

The following user(s) said Thank You: ndee

Please Log in or Create an account to join the conversation.

mellowdsign
OFFLINE
Posts: 5
Thanks: 0
Karma: 0

12 years 5 months ago #202332 by mellowdsign

Replied by mellowdsign on topic Re: Not Authorized error if params field missing

Thanks alot this solved my bugg I lived me for 2 years now!
I solved it with unpublish some plugs in cb.

Please Log in or Create an account to join the conversation.

citydan
OFFLINE
Posts: 44
Thanks: 2
Karma: 1

12 years 4 months ago #204127 by citydan

Replied by citydan on topic Re: Not Authorized error if params field missing

I have moved the params field to a published tab (Profile Picture tab).

It's set to show on profile and is published. Still I can not edit my users in the back end, whether they are logged in or not.

I am using a Super Admin account.

CB 1.8.1
Joomla 2.5.6
CB Subs 2.0.1

I'm not sure if this helps in fixing the bug, but thought I'd add it in case.

Please Log in or Create an account to join the conversation.

Moderators: beat, nant, krileon