зеркало из https://github.com/mono/mail-archives.git
98 строки
4.0 KiB
HTML
98 строки
4.0 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
|
|
<HTML>
|
|
<HEAD>
|
|
<TITLE> [Mono-bugs] [Bug 60482][Blo] Changed - Critical bug in ASP.NET UrlAuthorization Module (beta 3)
|
|
</TITLE>
|
|
<LINK REL="Index" HREF="index.html" >
|
|
<LINK REL="made" HREF="mailto:bugzilla-daemon%40bugzilla.ximian.com">
|
|
<META NAME="robots" CONTENT="index,nofollow">
|
|
|
|
<LINK REL="Previous" HREF="017799.html">
|
|
<LINK REL="Next" HREF="017801.html">
|
|
</HEAD>
|
|
<BODY BGCOLOR="#ffffff">
|
|
<H1>[Mono-bugs] [Bug 60482][Blo] Changed - Critical bug in ASP.NET UrlAuthorization Module (beta 3)
|
|
</H1>
|
|
<B>bugzilla-daemon@bugzilla.ximian.com
|
|
</B>
|
|
<A HREF="mailto:bugzilla-daemon%40bugzilla.ximian.com"
|
|
TITLE="[Mono-bugs] [Bug 60482][Blo] Changed - Critical bug in ASP.NET UrlAuthorization Module (beta 3)">bugzilla-daemon@bugzilla.ximian.com
|
|
</A><BR>
|
|
<I>Tue, 22 Jun 2004 21:47:50 -0400 (EDT)</I>
|
|
<P><UL>
|
|
<LI> Previous message: <A HREF="017799.html">[Mono-bugs] [Bug 60457][Maj] Changed - Wrong compilation giving Unreachable Code warning...
|
|
</A></li>
|
|
<LI> Next message: <A HREF="017801.html">[Mono-bugs] [Bug 58511][Maj] Changed - XSP not working on Windows
|
|
</A></li>
|
|
<LI> <B>Messages sorted by:</B>
|
|
<a href="date.html#17800">[ date ]</a>
|
|
<a href="thread.html#17800">[ thread ]</a>
|
|
<a href="subject.html#17800">[ subject ]</a>
|
|
<a href="author.html#17800">[ author ]</a>
|
|
</LI>
|
|
</UL>
|
|
<HR>
|
|
<!--beginarticle-->
|
|
<PRE>Please do not reply to this email- if you want to comment on the bug, go to the
|
|
URL shown below and enter your comments there.
|
|
|
|
Changed by <A HREF="mailto:davidandrewtaylor@hotmail.com.">davidandrewtaylor@hotmail.com.</A>
|
|
|
|
<A HREF="http://bugzilla.ximian.com/show_bug.cgi?id=60482">http://bugzilla.ximian.com/show_bug.cgi?id=60482</A>
|
|
|
|
--- shadow/60482 2004-06-22 20:59:49.000000000 -0400
|
|
+++ shadow/60482.tmp.3081 2004-06-22 21:47:50.000000000 -0400
|
|
@@ -10,13 +10,12 @@
|
|
Component: Sys.Web
|
|
AssignedTo: <A HREF="mailto:mono-bugs@ximian.com">mono-bugs@ximian.com</A>
|
|
ReportedBy: <A HREF="mailto:davidandrewtaylor@hotmail.com">davidandrewtaylor@hotmail.com</A>
|
|
QAContact: <A HREF="mailto:mono-bugs@ximian.com">mono-bugs@ximian.com</A>
|
|
TargetMilestone: ---
|
|
URL:
|
|
-Cc:
|
|
Summary: Critical bug in ASP.NET UrlAuthorization Module (beta 3)
|
|
|
|
Description of Problem:
|
|
There is a critical bug in the ASP.NET UrlAuthorization module in MONO
|
|
(tested in Beta 3). The bug is in the code "AuthorizationConfig.cs"
|
|
within the foreach statement inside the method "internal bool IsValidUser
|
|
@@ -133,6 +132,20 @@
|
|
the "roles" or a "users" attribute.
|
|
|
|
Please look at my code again, which I believe is correct. You can
|
|
see in my last line where I say "verb && (users || roles)".
|
|
|
|
|
|
+
|
|
+------- Additional Comments From <A HREF="mailto:davidandrewtaylor@hotmail.com">davidandrewtaylor@hotmail.com</A> 2004-06-22 21:47 -------
|
|
+I believe you could rewrite your latest version correctly like this:
|
|
+
|
|
+foreach (UserData data in list)
|
|
+{
|
|
+ if (data.Verbs != null && !data.CheckVerb (verb))
|
|
+ continue;
|
|
+
|
|
+ if ((data.Users!=null&&data.CheckUser(user.Identity.Name))
|
|
+ || (data.Roles!=null&&data.CheckRole(user)))
|
|
+ return data.Allow;
|
|
+}
|
|
+
|
|
|
|
</PRE>
|
|
<!--endarticle-->
|
|
<HR>
|
|
<P><UL>
|
|
<!--threads-->
|
|
<LI> Previous message: <A HREF="017799.html">[Mono-bugs] [Bug 60457][Maj] Changed - Wrong compilation giving Unreachable Code warning...
|
|
</A></li>
|
|
<LI> Next message: <A HREF="017801.html">[Mono-bugs] [Bug 58511][Maj] Changed - XSP not working on Windows
|
|
</A></li>
|
|
<LI> <B>Messages sorted by:</B>
|
|
<a href="date.html#17800">[ date ]</a>
|
|
<a href="thread.html#17800">[ thread ]</a>
|
|
<a href="subject.html#17800">[ subject ]</a>
|
|
<a href="author.html#17800">[ author ]</a>
|
|
</LI>
|
|
</UL>
|
|
</body></html>
|