Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-17591

Wrong author in history when disabling a user account

    XMLWordPrintable

Details

    • Unknown
    • N/A
    • N/A

    Description

      Steps to reproduce:

      • Create 2 users U1 , U2
      • Give to the user U1 Admin rights
      • Login with U1 user
      • Go to U2 Profile page
      • Disable the U2 user using "Disable this account" button:

      Expected results:

      • The last author of the page to be the user U1, who disabled the account.

      Actual results:

      • The Administrator user, who was the last author of the page is author of the last modification. The author of the "disable" actions is the previous author of the page.

      The history is well displayed when using disable button from the Users page ( the lock button from the users table)

      Attachments

        Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-21611 Disabling a user account changes its author, allowing RCE from user account

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed

          Activity

            People

              acotiuga Alex Cotiugă
              andreic Camelia Andrei
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: