View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0002601 | HTML & PERL | Bug Report | public | 2016-09-16 05:33 | 2016-10-12 23:17 |
Reporter | Hinoe | Assigned To | DerIdiot |
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | resolved | Resolution | fixed |
Fixed in Version | 2016-11 |
Summary | 0002601: It is possible to (attempt to) delete a tagreltb entry via URL hack |
Description | Deleting a tagreltb entry is a surefire way to wreak havoc in the related tag. I don't know whether recreating the entry without database magic is even possible. It is possible, by hacking the URL, to issue a del creq on tagreltb entities. While that is highly unlikely, and the offending user would certainly be made an example of, it is not outside the realm of imagination that a half-asleep mod might end up granting such a creq by pressing the wrong button or something. Please add a check that halts the action and throws an error if the user attempts to issue a del creq on that specific table. Example of such a creq in action, and of its results: https://devint.anidb.net/c7913492 |
Steps To Reproduce | https://devint.anidb.net/perl-bin/animedb.pl?show=creq&creq.delete=1&tb=tagreltb&id=XYZ Testing should obviously be done on devint only, owing to the destructive potential of this issue. |
Tags | No tags attached. |

Also note in that devint creq in the creq header block, it says tag system but links the tag itself. Should be a field called tag that links the tag itself (type in this case), then another field tag system that quotes the tag system (character in this case).

Which is a completely different thing and you're just asking baka to yell at you. :P I'll add a feature request for that.

I don't see the issue. It creates a creq. If you grant that, that is the mod's fault.

Yes, and I'd like to not see it happen. But if you don't think the risk is enough to justify it, I can live with that.

Date Modified | Username | Field | Change |
---|---|---|---|
2016-09-16 05:33 | Hinoe | New Issue | |
2016-09-16 07:11 | CDB-Man | Note Added: 0003845 | |
2016-09-16 09:32 | Hinoe | Note Added: 0003846 | |
2016-09-29 15:43 | DerIdiot | Note Added: 0003867 | |
2016-09-29 18:25 | Hinoe | Note Added: 0003868 | |
2016-10-12 23:17 | DerIdiot | Assigned To | => DerIdiot |
2016-10-12 23:17 | DerIdiot | Status | new => resolved |
2016-10-12 23:17 | DerIdiot | Resolution | open => fixed |
2016-10-12 23:17 | DerIdiot | Fixed in Version | => 2016-11 |
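
The check requested in the description, sketched as an added example (this is not AniDB's code and not the fix that shipped). The parameter names `creq.delete`, `tb` and `id` come from the URL in Steps To Reproduce; the function name, the deny-list and the sample ids are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: tables whose rows must never be the target of a delete creq.
# Only tagreltb is named in the report; the set is easy to extend.
my %NO_DELETE_CREQ = map { $_ => 1 } qw(tagreltb);

# Hypothetical helper: validate decoded query parameters before any creq
# row is created. Returns (1, undef) to proceed or (0, $reason) to halt.
sub check_creq_request {
    my ($p) = @_;

    my $tb = $p->{tb} // '';
    my $id = $p->{id} // '';

    # Accept only a plain lowercase table name and a numeric id, so the
    # deny-list lookup cannot be sidestepped with case or padding variants.
    return (0, 'invalid table name') unless $tb =~ /\A[a-z0-9_]+\z/;
    return (0, 'invalid id')         unless $id =~ /\A[0-9]+\z/;

    # Fail closed: any true value of creq.delete counts as a delete.
    my $is_delete = $p->{'creq.delete'} ? 1 : 0;

    if ($is_delete && $NO_DELETE_CREQ{$tb}) {
        return (0, "delete creqs are not allowed on $tb");
    }
    return (1, undef);
}

# Constructed sample requests (ids are made up).
my @samples = (
    { show => 'creq', 'creq.delete' => '1', tb => 'tagreltb', id => '42' },
    { show => 'creq', tb => 'tagreltb', id => '42' },
    { show => 'creq', 'creq.delete' => '1', tb => 'TagRelTb', id => '42' },
);

for my $req (@samples) {
    my ($ok, $why) = check_creq_request($req);
    printf "%-10s delete=%-1s => %s\n",
        $req->{tb}, $req->{'creq.delete'} // '0',
        $ok ? 'allowed' : "halted ($why)";
}
```

Calling the same check again at the point where a creq is granted would also cover a delete creq that was filed before the check existed; that placement is an assumption about the application's flow.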