#179 - Output before header() gives visitors admin rights
Type Defect
Status Invalid
Milestone 2.0
Version 0.4
Component Core
Priority High
Severity Critical
Owner Einar
Assigned to -
Reported 13 years ago
Updated 10 years ago
Votes 0
Related tickets
Proposed time
Worked time

If you have error reporting with notice in apache, will header()-redirect fail to work because there is some notice errors before header().

Scenario: You are not logged in, then going to the admincp - the header() will now try to redirect you to login, but fails because of the notice errors. The rest of the page will now render like you where logged in and show you some info like users and some settings, and you can create users/projects/milestones etc(!), (havent looked so much at it).

Ticket History

Jack closed as Invalid 13 years and 9 months ago

I've not been able to reproduce this, did you maybe setup the config.php file wrong?.