Output before header() gives visitors admin rights

179
Defect
Einar
-
2.0
0.4
Core
Invalid
High
Critical
11 years ago
8 years ago
0

Description

If you have error reporting with notice in apache, will header()-redirect fail to work because there is some notice errors before header().

Scenario: You are not logged in, then going to the admincp - the header() will now try to redirect you to login, but fails because of the notice errors. The rest of the page will now render like you where logged in and show you some info like users and some settings, and you can create users/projects/milestones etc(!), (havent looked so much at it).

Ticket History

11 years and 5 months ago by Jack

  • Closed ticket as Invalid

I've not been able to reproduce this, did you maybe setup the config.php file wrong?.