Do not permit user XML import to import with role_id = ROLE_ID_SITE_ADMIN #10738
Assignees
Labels
Bug:2:Moderate
A bug that is causing problems for a substantial minority of users.
Milestone
Comments
asmecher
added
the
Bug:2:Moderate
asmecher
added a commit
that referenced
this issue
Dec 18, 2024
asmecher
added a commit
that referenced
this issue
Dec 19, 2024
asmecher
added a commit
that referenced
this issue
Dec 19, 2024
asmecher
added a commit
to pkp/ojs
that referenced
this issue
Dec 19, 2024
asmecher
added a commit
to pkp/omp
that referenced
this issue
Dec 19, 2024
asmecher
added a commit
to pkp/ops
that referenced
this issue
Dec 19, 2024
|
@asmecher has this been fixed? I see some commits and are there any testable steps? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
The XML import process can current import users with ROLE_ID_SITE_ADMIN, though the context ID is set to a non-zero value (unlike legitimate admin users). These imports should be prevented.
What application are you using?
OJS and OMP 3.3.0-x and 3.4.0-x (and probably prior)
Special thanks to Hendra and the team at OpenJournalTheme.com for identifying this issue.
The text was updated successfully, but these errors were encountered: