Bug#492881: gforge: Administrators can not delete code snippets.

Tue, 29 Jul 2008 09:28:28 -0700 

Subject: gforge: Administrators can not delete code snippets.
Package: gforge-web-apache
Version: 4.5.14-22etch1
Severity: normal
File: gforge

*** Please type your report below this line ***
The GForge administrator is not allowed to delete code snippets made by other 
users.
The reason is the following code from /usr/share/gforge/www/snippet/delete.php:

                        //Remove the item from the package
                        $result=db_query("DELETE FROM snippet_package_item ".
                                "WHERE snippet_version_id='$snippet_version_id' 
".
                                "AND 
snippet_package_version_id='$snippet_package_version_                           
                                        id'");
                        if (!$result || db_affected_rows($result) < 1) {
                                echo '<h1>Error - That snippet doesn\'t exist 
in this pack                                                                   
age.</h1>';
                                snippet_footer(array());
                                exit;

So only the creator, but no admin is allowed to remove snippets.
This is a problem for example with spam.

In addition the error message, which states that the snippet doesn't exist is 
plain wrong.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.18-6-xen-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages gforge-web-apache depends on:
ii  apache2            2.0.54-5sarge2        next generation, scalable, extenda
ii  apache2-mpm-prefor 2.0.54-5sarge2        traditional model for Apache2
ii  cronolog           1.6.2-5               Logfile rotator for web servers
ii  debconf [debconf-2 1.4.30.13             Debian configuration management sy
ii  debianutils        2.8.4                 Miscellaneous utilities specific t
ii  gforge-common      4.5.14-22etch1+wald13 collaborative development tool - s
ii  gforge-db-postgres 4.5.14-22etch1+wald13 collaborative development tool - d
ii  libapache2-mod-php 4:4.3.10-22           server-side, HTML-embedded scripti
ii  libdbd-pg-perl     1.41-3                a PostgreSQL interface for Perl 5 
ii  libdbi-perl        1.46-6                Perl5 database interface by Tim Bu
ii  perl               5.8.4-8sarge6         Larry Wall's Practical Extraction 
ii  perl-suid          5.8.4-8sarge6         Runs setuid Perl scripts
ii  php4               4:4.3.10-22           server-side, HTML-embedded scripti
ii  php4-cgi           4:4.3.10-22           server-side, HTML-embedded scripti
ii  php4-gd            4:4.3.10-22           GD module for php4
ii  php4-pgsql         3:4.3.10-4            PostgreSQL module for php4

-- debconf information excluded

-- 
Sascha Wilde                                      OpenPGP key: 4BB86568
Intevation GmbH, Osnabrück             http://www.intevation.de/~wilde/
Amtsgericht Osnabrück, HR B 18998             http://www.intevation.de/
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

Attachment: pgpMerBUJUdqi.pgp
Description: PGP signature

Reply via email to