DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15975>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15975 Security: other users can Customize actions from the url. Summary: Security: other users can Customize actions from the url. Product: Jetspeed Version: 1.4b3-dev / CVS Platform: Other OS/Version: Other Status: NEW Severity: Major Priority: Other Component: Security AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] Just type in from an newly opened browser... Login in as a user other then admin. .../jetspeed/portal/media-type/html/user/admin/page/default.psml?action=controls.Customize This will work for any user just substitue the admin above. Delete a pane from the list. No Apply button? No problem! just type in this URL. .../jetspeed/portal/media-type/html/user/admin/page/default.psml/template/Customize?action=controllers.MultiColumnControllerAction&eventSubmit_doSave=Save%20and%20Apply -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
