зеркало из https://github.com/mono/mail-archives.git
96 строки
3.7 KiB
HTML
96 строки
3.7 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
|
|
<HTML>
|
|
<HEAD>
|
|
<TITLE> [Mono-bugs] [Bug 60482][Blo] Changed - Critical bug in ASP.NET UrlAuthorization Module (beta 3)
|
|
</TITLE>
|
|
<LINK REL="Index" HREF="index.html" >
|
|
<LINK REL="made" HREF="mailto:bugzilla-daemon%40bugzilla.ximian.com">
|
|
<META NAME="robots" CONTENT="index,nofollow">
|
|
|
|
<LINK REL="Previous" HREF="017696.html">
|
|
<LINK REL="Next" HREF="017698.html">
|
|
</HEAD>
|
|
<BODY BGCOLOR="#ffffff">
|
|
<H1>[Mono-bugs] [Bug 60482][Blo] Changed - Critical bug in ASP.NET UrlAuthorization Module (beta 3)
|
|
</H1>
|
|
<B>bugzilla-daemon@bugzilla.ximian.com
|
|
</B>
|
|
<A HREF="mailto:bugzilla-daemon%40bugzilla.ximian.com"
|
|
TITLE="[Mono-bugs] [Bug 60482][Blo] Changed - Critical bug in ASP.NET UrlAuthorization Module (beta 3)">bugzilla-daemon@bugzilla.ximian.com
|
|
</A><BR>
|
|
<I>Mon, 21 Jun 2004 21:51:05 -0400 (EDT)</I>
|
|
<P><UL>
|
|
<LI> Previous message: <A HREF="017696.html">[Mono-bugs] [Bug 60519][Maj] Changed - Assembly.GetReferencedAssemblies doesn't return the public key token
|
|
</A></li>
|
|
<LI> Next message: <A HREF="017698.html">[Mono-bugs] [Bug 60519][Maj] Changed - Assembly.GetReferencedAssemblies doesn't return the public key token
|
|
</A></li>
|
|
<LI> <B>Messages sorted by:</B>
|
|
<a href="date.html#17697">[ date ]</a>
|
|
<a href="thread.html#17697">[ thread ]</a>
|
|
<a href="subject.html#17697">[ subject ]</a>
|
|
<a href="author.html#17697">[ author ]</a>
|
|
</LI>
|
|
</UL>
|
|
<HR>
|
|
<!--beginarticle-->
|
|
<PRE>Please do not reply to this email- if you want to comment on the bug, go to the
|
|
URL shown below and enter your comments there.
|
|
|
|
Changed by <A HREF="mailto:davidandrewtaylor@hotmail.com.">davidandrewtaylor@hotmail.com.</A>
|
|
|
|
<A HREF="http://bugzilla.ximian.com/show_bug.cgi?id=60482">http://bugzilla.ximian.com/show_bug.cgi?id=60482</A>
|
|
|
|
--- shadow/60482 2004-06-20 21:05:55.000000000 -0400
|
|
+++ shadow/60482.tmp.14369 2004-06-21 21:51:05.000000000 -0400
|
|
@@ -89,6 +89,32 @@
|
|
|
|
|
|
------- Additional Comments From <A HREF="mailto:davidandrewtaylor@hotmail.com">davidandrewtaylor@hotmail.com</A> 2004-06-20 21:05 -------
|
|
Created an attachment (id=8255)
|
|
File 5: test page 3
|
|
|
|
+
|
|
+------- Additional Comments From <A HREF="mailto:davidandrewtaylor@hotmail.com">davidandrewtaylor@hotmail.com</A> 2004-06-21 21:51 -------
|
|
+In the following file:
|
|
+AuthorizationConfig.cs
|
|
+There is a foreach statement inside the Method:
|
|
+internal bool IsValidUser (IPrincipal user, string verb)
|
|
+
|
|
+I propose as a patch to fix this bug that we replace the foreach
|
|
+code block with this:
|
|
+
|
|
+foreach (UserData data in list)
|
|
+{
|
|
+ userMatch = (data.Users!=null && data.CheckUser
|
|
+(user.Identity.Name))
|
|
+ ? true : false;
|
|
+
|
|
+ roleMatch = (data.Roles!=null && data.CheckRole(user))
|
|
+ ? true : false;
|
|
+
|
|
+ verbMatch = (data.Verbs == null);
|
|
+ if (data.Verbs != null)
|
|
+ verbMatch = data.CheckVerb (verb);
|
|
+
|
|
+ if ((userMatch || roleMatch) && verbMatch)
|
|
+ return data.Allow;
|
|
+}
|
|
|
|
</PRE>
|
|
<!--endarticle-->
|
|
<HR>
|
|
<P><UL>
|
|
<!--threads-->
|
|
<LI> Previous message: <A HREF="017696.html">[Mono-bugs] [Bug 60519][Maj] Changed - Assembly.GetReferencedAssemblies doesn't return the public key token
|
|
</A></li>
|
|
<LI> Next message: <A HREF="017698.html">[Mono-bugs] [Bug 60519][Maj] Changed - Assembly.GetReferencedAssemblies doesn't return the public key token
|
|
</A></li>
|
|
<LI> <B>Messages sorted by:</B>
|
|
<a href="date.html#17697">[ date ]</a>
|
|
<a href="thread.html#17697">[ thread ]</a>
|
|
<a href="subject.html#17697">[ subject ]</a>
|
|
<a href="author.html#17697">[ author ]</a>
|
|
</LI>
|
|
</UL>
|
|
</body></html>
|